I have ACS 126.96.36.199p14, a 3750-48PSS switch with 12.50.SE3, and a test PC running Windows XP. The PC is authenticated by MAB and the switch correctly downloads the dACL from ACS. But if the dACL contains more than ~10 lines, traffic is not passed through the port (the dACL is downloaded correctly). Does anybody know why traffic is blocked, how I can debug this, or whether there are any restrictions on dACL construction?
This is what I understand: the port is getting authorized fine, and DACLs are being sent by the RADIUS server and are getting applied to the concerned port, but they are not taking effect. This is an ongoing issue; we have seen many cases with this.
As you said, it is only when there are more than 10 lines that it is not working. In that case, there is an internal bug on this: CSCsf14450: DACL not consistently downloaded to switch during MAB testing.