From: Sadiq Yakasai (sadiqtanko@gmail.com)
Date: Mon Jan 26 2009 - 15:07:53 ARST
Hi there,
Per-user ACLs work when the ACL is configured with the source as "any" on
ACS. The switch will replace this with the IP address of the device that
authenticates on the port. When you do a debug or show on the port, I bet you
would see authorization failure and not authentication failure.
<show dot1x authe f0/20 detail> should give us a very good view of what's
happening here.
[009\001] cisco-av-pair {check}
ip:inacl#1=deny ip any 150.1.0.0 0.0.255.255
ip:inacl#2=permit ip any any
Let us know how you get on please.
HTH,
Sadiq
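Added example, not part of the post above and not Cisco or ACS code: a small Python model of the behaviour Sadiq describes. It parses the ip:inacl#N= av-pairs exactly as shown in the message, checks that every ACE uses source "any" (the condition the post says a per-user ACL needs), and rewrites that source to the authenticated host's address the way the switch does when it installs the ACL. The host address 10.1.20.50 is a constructed sample, and rendering the substituted source as "host <ip>" is an assumption made for illustration; the real switch output may differ in form.

```python
import re
from ipaddress import IPv4Address

# Constructed sample: the two cisco-av-pair values from the post, as ACS
# would hand them back in the Access-Accept, deliberately out of order to
# show that the inacl#N sequence number, not list order, decides priority.
SAMPLE_AVPAIRS = [
    "ip:inacl#2=permit ip any any",
    "ip:inacl#1=deny ip any 150.1.0.0 0.0.255.255",
]

INACL_RE = re.compile(r"^ip:inacl#(?P<seq>\d+)=(?P<ace>.+)$")


def parse_inacl(avpairs):
    """Extract (sequence, ACE text) from ip:inacl#N=<ace> av-pairs, ordered
    by N. Anything that is not in that form is rejected as malformed."""
    entries = []
    for raw in avpairs:
        m = INACL_RE.match(raw.strip())
        if not m:
            raise ValueError(f"not an ip:inacl av-pair: {raw!r}")
        entries.append((int(m.group("seq")), m.group("ace").strip()))
    return sorted(entries)


def split_ace(ace):
    """Split an extended ACE into (action, protocol, source, rest-of-ACE).
    Source is 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' (address + wildcard);
    everything after the source (destination, ports, ...) is kept verbatim."""
    tok = ace.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {ace!r}")
    action, proto = tok[0], tok[1]
    if tok[2] == "any":
        src, rest = "any", tok[3:]
    elif tok[2] == "host" and len(tok) >= 5:
        src, rest = f"host {tok[3]}", tok[4:]
    elif len(tok) >= 5:
        src, rest = f"{tok[2]} {tok[3]}", tok[4:]
    else:
        raise ValueError(f"unsupported ACE: {ace!r}")
    return action, proto, src, rest


def validate_inacl(avpairs):
    """Return a list of problems with an ACS per-user ACL, empty if it is fine.
    The one rule checked is the one from the post: every ACE must have
    source 'any', because the switch substitutes the host address there."""
    problems = []
    try:
        entries = parse_inacl(avpairs)
    except ValueError as e:
        return [str(e)]
    for seq, ace in entries:
        try:
            _, _, src, _ = split_ace(ace)
        except ValueError as e:
            problems.append(str(e))
            continue
        if src != "any":
            problems.append(f"inacl#{seq}: source must be 'any', got {src!r}")
    return problems


def apply_per_user_acl(avpairs, host_ip):
    """Model what the switch installs for the authenticated host: each ACE's
    source 'any' is replaced by the host's address (rendered here as
    'host <ip>', an assumption). A per-user ACL that fails validate_inacl()
    cannot be installed, so it is refused here rather than silently applied."""
    host = IPv4Address(host_ip)  # raises on a malformed address
    problems = validate_inacl(avpairs)
    if problems:
        raise ValueError("; ".join(problems))
    installed = []
    for _seq, ace in parse_inacl(avpairs):
        action, proto, _src, rest = split_ace(ace)
        installed.append(" ".join([action, proto, f"host {host}", *rest]))
    return installed


if __name__ == "__main__":
    for line in apply_per_user_acl(SAMPLE_AVPAIRS, "10.1.20.50"):
        print(line)
```

Run it with a per-user ACL whose first ACE has a "host" or wildcard source and validate_inacl() reports the offending inacl#N entry, which is the ACS-side mistake to look for when the port shows an authorization rather than an authentication failure.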
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST