Cisco Bug: CSCup98940 - DNS-based ACLs do not work on Flexconnect

Last Modified

Sep 12, 2019

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

7.6(120.0), 8.3(15.158)

Description (partial)

The config guide and the TAC NPI both declare that DNS-based ACLs will work on Flex local switching (with central auth). This is not true.
Conceptually, since 7.5 Flex requires you to configure a Flex ACL as the redirect ACL. So how is the WLC supposed to know which FQDN ACL to pull, given that FQDN ACLs are configured with regular ACLs and not with Flex ACLs ...?

As a matter of fact, both customers and TAC are reporting that it just doesn't work. The same setup works perfectly when the AP is set back to local mode.

WLC 7.6
DNS-based ACLs
Flexconnect local switching, central auth.
Flexconnect central switching, central auth with regular ACL (broken too)