Wireless Access

Hello,

we have activated the PEF licenses for a customer on an AOS 8.4 controller, and thus switched on the firewall.

Now, of course, most accesses no longer work.

In the first step we want to configure an "ANY", so that the accesses are possible, so that we get the pressure out.

Then build a new set of rules.

In which profiles do I have to set up what so that this "any" is globally effective ?

I have tried some any any permit rules, but that doesn work.

Authentication is working fine, but after this only ICMP is possible.

I hope this is expressed in an understandable way.

Regards

The PEF license should be added a soon as possible after an install.  Once you have a full config and the PEF license is installed, you need to adjust your roles and ACLs to make sure that users are ending up in a role with access to your network.

What role and VLAN are your authenticated users ending up in?  "show station-table" or "show user-table verbose", then type "show right <role>" to see what ACLs are attached.

The following should be possible:

The client authenticates itself to the RADIUS.
Then it has full access.

Currently it only works with the role "authenticated".
But then it is also possible to log in with unauthenticated users.

But this is not allowed.

Is the situation well explained?

The client authenticates itself to radius, and then it it put into a role.  If that role allows client connectivity, then the client has access.  If the role's ACLs are restricted, the client will not have access.  If the role also does not allow the client to pass dhcp traffic, the client will not enter the user table.

Add another role, and make sure it has the allowall acl just to test.  Make sure that role is the default 802.1x role in the AAA profile.

The main reason is roles configuration.

Sometimes reboot of  MC's also work iff you activated PEF license in live.