Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Which one will over right the other - DACL

If I have configured downloadable ACL on ACS group, then one of the users who is belong to same group has assign particular ACL on his profile.

Which one will be pushed to the router is it the group ACL or user ACL

Many Thanks

3 REPLIES
Cisco Employee

Re: Which one will over right the other - DACL

Hi,

User profile takes precedence over group profile. So user ACL will be pushed.

Regards,

Vivek

New Member

Re: Which one will over right the other - DACL

aalshammari,

is your DACL working? Is it configured on PIX?

I am trying but getting an error on the PIX like "can't find authorization ACL". I have posted in detailed under topic "Downloadable ACL".

Appreciate any help.

New Member

Re: Which one will over right the other - DACL

Update.....

I do see in ACS logs that Authentication failed for ACL where username is the ACL name sent by PIX. (#ACSACL#-IP-myACL-45e6c605).

The failure code is "DACL request from device is not acceptable"

I guess ACS is denying but WHY?

159
Views
0
Helpful
3
Replies
CreatePlease to create content