03-25-2014 06:15 AM - edited 03-10-2019 09:34 PM
Understanding ISE and dACL.
I don't understand the correlation between ACL and dACL.
If a dACL is downloaded to the Catalyst switch, what is the status of the ACL attached to the physical port? Is the dACL appended to the existing ACL? When I typed ‘sh ip access-list int fa0/1’ I can see only the dACL for the access domain and the dACL for the voice domain appended to the previous dACL, and no ACL lines.
Regards,
Vice
03-25-2014 07:51 AM
Hi,
Downloadable ACLs (dACLs) are applied from your RADIUS server based on authentication and authorization policies. They override any standard interface ACL.
Standard interface ACLs are in place to limit traffic on the port before 802.1X or MAB authentication.
When an authenticated session terminates on the interface, the standard ACL will be re-applied until the next authentication.
03-28-2014 08:10 AM
The dACL pushed by ISE replaces the standard ACL on the port.