collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?
« previous next »
Pages: [1]

Author Topic: HELP FOR DACL on behalf of foladi  (Read 31348 times)

Offline Administrator

  • Administrator
  • Cisco King
  • *****
  • Posts: 61
  • Reputation: 1000
  • Certification: N/A
HELP FOR DACL on behalf of foladi
« on: May 19, 2014, 10:06:10 PM »
hi i using your videos about .1x and acs . its preffect for me but i have
question about downloadable acl i have doamin and acs act as radius server
. my client login to domain with the username and passwordds and check with
dot1x and i use open authentication just like your video (mab part 1)
domain and dhcp traffic can be exchange but my question :when client login
and check the dot1x no problem but dacl not work for (permit ip any any )
who should i solve this problem best regards thank you
Logged

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: HELP FOR DACL on behalf of foladi
« Reply #1 on: May 19, 2014, 10:09:38 PM »
Please check the log on ISE and RADIUS debug to make sure the DACL was sent out to the switch. If it is,
1. Check if you have 'aaa authorization network' enabled
2. Check if you have CoA enable on the switch (ie. 'aaa server radius dynamic-author')
Logged

Offline foladi

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 0
  • Certification: N/A
Re: HELP FOR DACL on behalf of foladi
« Reply #2 on: May 19, 2014, 11:54:51 PM »
Hi thanks for comment .
we dont have ise on scenario and the dacl was sent from radius to switch (i see on monitoring section)but not applied on client .
i apply your command and get back
Logged

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: HELP FOR DACL on behalf of foladi
« Reply #3 on: May 21, 2014, 07:47:04 AM »
My bad.. I meant ACS but the idea is the same
Logged

Offline foladi

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 0
  • Certification: N/A
Re: HELP FOR DACL on behalf of foladi
« Reply #4 on: May 28, 2014, 12:18:55 AM »
hi
i check your command and problem not solved
is that the ios of sw3750 is important .
my ios is sw3750 ipbase-mz.12.2.50.se5
i upgrate to another ios and agin not work .
what is your suggestion?
thanks
Logged

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: HELP FOR DACL on behalf of foladi
« Reply #5 on: May 28, 2014, 11:16:26 PM »
The IOS should be at least 12.2.55 I believe. So when you run debug radius on the switch, do you see the ACL being received from ACS?
Logged
Pages: [1]
« previous next »
 

Related Topics

  Subject / Started by Replies Last post
3 Replies
28958 Views 		Last post November 01, 2013, 10:50:34 PM
by adecisco
0 Replies
22570 Views 		Last post December 14, 2013, 09:08:00 AM
by Administrator
1 Replies
20775 Views 		Last post March 07, 2014, 12:19:23 PM
by MC
3 Replies
46318 Views 		Last post August 09, 2014, 05:33:45 PM
by MC
3 Replies
50295 Views 		Last post February 05, 2022, 10:03:33 PM
by MC

SimplePortal 2.3.7 © 2008-2024, SimplePortal