
I don't understand correlation between ACL and dACL. If dACL is downloaded to the Catalyst switch what is the status of the ACL

Vice Lacmanovic
Level 1

Understanding ISE and dACL.

I don't understand the correlation between ACL and dACL.

If a dACL is downloaded to the Catalyst switch, what is the status of the ACL attached to the physical port? Is the dACL appended to the existing ACL? When I typed ‘sh ip access-list int fa0/1’ I can see only the dACL for the access domain and the dACL for the voice domain appended to the previous dACL, and no ACL lines.

 Regards,

Vice

2 Replies

jj27
Spotlight

Hi,

Downloadable ACLs (dACLs) are applied from your RADIUS server based on authentication and authorization policies. They override any standard interface ACL.

Standard interface ACLs are in place to limit traffic on the port before 802.1x or MAB authentication.

When an authenticated session terminates on the interface, the standard ACL will be re-applied until the next authentication.

Venkatesh Attuluri
Cisco Employee

The dACL pushed by ISE replaces the standard ACL on the port.