From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Mon Jan 26 2009 - 21:47:50 ARST
Sir,
I am able to do 802.1x with VLAN assignment, but not with ACL assignment. Do
you know any link on the Cisco web site with an example like that?
Let me change the "any" inside cisco-av-pair and see what happens.
Thanks
Regards
----- Original Message -----
From: Sadiq Yakasai
To: Edouard Zorrilla
Cc: security@groupstudy.com ; ccielab@groupstudy.com
Sent: Monday, January 26, 2009 12:07 PM
Subject: Re: 802.1x with ACL
Hi there,
Per-user ACLs work when the ACL is configured with the source as "any" on
ACS. The switch will replace this with the IP address of the device that
authenticates on the port. When you do a debug or show on the port, I bet you
would see an authorization failure and not an authentication failure.
<show dot1x interface f0/20 details> should give us a very good view of what's
happening here.
[009\001] cisco-av-pair {check}
ip:inacl#1=deny ip any 150.1.0.0 0.0.255.255
ip:inacl#2=permit ip any any
Let us know how you get on please.
HTH,
Sadiq
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST
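The following is an added example, not code from either message above or from Cisco. It models the behaviour Sadiq describes: the ACS sends `ip:inacl#N=` av-pairs, the switch binds an ACE whose source is "any" to the IP address of the authenticated host, and an ACE with any other source cannot be bound (the authorization failure, as opposed to an authentication failure). It assumes IPv4, the `ip` protocol keyword only, that the rewritten source takes the form `host <client-ip>` (a modelling assumption, not a documented Cisco internal), and a constructed client address of 10.1.1.50. It is useful for checking av-pair strings offline before pushing them into ACS.

```python
"""Offline checker for Cisco per-user ACL av-pairs (ip:inacl#N=...).

Models the switch behaviour described in the thread: an ACE whose source is
"any" is bound to the IP address of the host that authenticated on the port,
and an ACE with any other source is rejected, which surfaces as an
authorization failure rather than an authentication failure.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample: the two av-pairs from the thread as ACS would send them.
SAMPLE_AV_PAIRS = [
    "ip:inacl#1=deny ip any 150.1.0.0 0.0.255.255",
    "ip:inacl#2=permit ip any any",
]


@dataclass(frozen=True)
class Ace:
    index: int
    action: str   # "permit" or "deny"
    proto: str    # only "ip" is modelled here (assumption)
    src: str      # "any", "host A.B.C.D" or "A.B.C.D W.W.W.W" (address + wildcard)
    dst: str


def _take_spec(tokens, i):
    """Consume one address specifier starting at tokens[i]; return (spec, next_i)."""
    if tokens[i] == "any":
        return "any", i + 1
    if i + 1 >= len(tokens):
        # e.g. a stray trailing "." glued to "any", or a missing wildcard mask
        raise ValueError(f"incomplete address specifier at {tokens[i]!r}")
    if tokens[i] == "host":
        return f"host {tokens[i + 1]}", i + 2
    return f"{tokens[i]} {tokens[i + 1]}", i + 2   # address followed by wildcard mask


def parse_inacl(av_pairs):
    """Parse 'ip:inacl#N=<ace>' strings into Ace objects ordered by N."""
    aces = []
    for pair in av_pairs:
        key, _, value = pair.partition("=")
        if not key.startswith("ip:inacl#"):
            raise ValueError(f"not an inbound per-user ACL attribute: {pair!r}")
        index = int(key.split("#", 1)[1])
        tokens = value.split()
        action, proto = tokens[0], tokens[1]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACE in {pair!r}")
        src, i = _take_spec(tokens, 2)
        dst, i = _take_spec(tokens, i)
        if i != len(tokens):
            raise ValueError(f"trailing tokens in {pair!r}: {tokens[i:]}")
        aces.append(Ace(index, action, proto, src, dst))
    return sorted(aces, key=lambda a: a.index)


def bind_to_client(aces, client_ip):
    """Model the per-port rewrite: an 'any' source becomes the authenticated host.

    Assumption: the rewritten form is 'host <client_ip>'. An ACE whose source
    is not 'any' cannot be bound and is rejected, mirroring the authorization
    failure the thread mentions.
    """
    ipaddress.IPv4Address(client_ip)  # validate early
    bound = []
    for ace in aces:
        if ace.src != "any":
            raise ValueError(
                f"inacl#{ace.index}: source must be 'any' in a per-user ACL, got {ace.src!r}")
        bound.append(Ace(ace.index, ace.action, ace.proto, f"host {client_ip}", ace.dst))
    return bound


def _matches(spec, ip):
    """Match an IPv4 address against 'any', 'host X' or 'X wildcard'."""
    if spec == "any":
        return True
    addr = int(ipaddress.IPv4Address(ip))
    if spec.startswith("host "):
        return addr == int(ipaddress.IPv4Address(spec.split()[1]))
    base, wildcard = spec.split()
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
    return (addr & care) == (int(ipaddress.IPv4Address(base)) & care)


def evaluate(aces, src_ip, dst_ip):
    """First-match evaluation with the implicit deny at the end of a Cisco ACL."""
    for ace in aces:
        if _matches(ace.src, src_ip) and _matches(ace.dst, dst_ip):
            return ace.action
    return "deny"


if __name__ == "__main__":
    bound = bind_to_client(parse_inacl(SAMPLE_AV_PAIRS), "10.1.1.50")  # constructed host IP
    for ace in bound:
        print(f"inacl#{ace.index}: {ace.action} {ace.proto} {ace.src} {ace.dst}")
    print(evaluate(bound, "10.1.1.50", "150.1.20.5"))  # deny
    print(evaluate(bound, "10.1.1.50", "8.8.8.8"))     # permit
```

Two things worth trying with it: feed it an ACE whose source is a network rather than "any" and `bind_to_client` refuses it, which is the case Sadiq is pointing at; and feed it `permit ip any any.` with a trailing period and the parser rejects it, so the typo never reaches the switch. Traffic from an address other than the bound host hits the implicit deny, since every ACE is now scoped to the authenticated device.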