Which one will over right the other - DACL

Unanswered Question
Feb 23rd, 2007

If I have configured downloadable ACL on ACS group, then one of the users who is belong to same group has assign particular ACL on his profile.

Which one will be pushed to the router is it the group ACL or user ACL

Many Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Vivek Santuka Fri, 02/23/2007 - 04:33

Hi,

User profile takes precedence over group profile. So user ACL will be pushed.

Regards,

Vivek

magurwara Thu, 03/01/2007 - 08:55

aalshammari,

is your DACL working? Is it configured on PIX?

I am trying but getting an error on the PIX like "can't find authorization ACL". I have posted in detailed under topic "Downloadable ACL".

Appreciate any help.

magurwara Thu, 03/01/2007 - 09:12

Update.....

I do see in ACS logs that Authentication failed for ACL where username is the ACL name sent by PIX. (#ACSACL#-IP-myACL-45e6c605).

The failure code is "DACL request from device is not acceptable"

I guess ACS is denying but WHY?

Actions

This Discussion