Cisco Support Community

New Member

ACS 4.2 and dACL on Catalyst switches

Hello

I have ACS 4.2.0.124p14, a 3750-48PSS switch with 12.50.SE3, and a test PC running Windows XP. The PC is authenticated by MAB and the switch correctly downloads the dACL from ACS. But if the dACL contains more than ~10 lines, traffic is not passed through the port (the dACL is downloaded correctly). Does anybody know why traffic is blocked, how I can debug this, or whether there are any restrictions on dACL construction?

Regards,

Stanislav

3 REPLIES
Cisco Employee

Re: ACS 4.2 and dACL on Catalyst switches

This is what I understand: the port is getting authorized fine, and the DACLs are being sent by the RADIUS server and applied to the concerned port, but they are not taking effect. This is an ongoing issue; we have seen many cases with this.

As you said, it only fails if there are more than 10 lines. In that case, there is an internal bug on this: CSCsf14450: DACL not consistently downloaded to switch during MAB testing.


HTH

JK



~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: ACS 4.2 and dACL on Catalyst switches

Thank you for the reply. Where is bug CSCsf14450 - in ACS or Catalyst IOS?

Cisco Employee

Re: ACS 4.2 and dACL on Catalyst switches

Catalyst IOS, but finally it's declared as a Junked bug.

~BR Jatin Katyal **Do rate helpful posts**