Lab Minutes Forum
Technical Discussion => Security => Topic started by: Administrator on May 19, 2014, 10:06:10 PM
-
Hi, I am using your videos about .1x and ACS. It's perfect for me, but I have a
question about downloadable ACL. I have a domain and ACS acts as the RADIUS server.
My client logs in to the domain with the username and passwords and is checked with
dot1x, and I use open authentication just like your video (MAB part 1).
Domain and DHCP traffic can be exchanged, but my question: when the client logs in
and is checked with dot1x there is no problem, but the DACL does not work for (permit ip any any).
How should I solve this problem? Best regards, thank you.
-
Please check the log on ISE and RADIUS debug to make sure the DACL was sent out to the switch. If it is,
1. Check if you have 'aaa authorization network' enabled
2. Check if you have CoA enabled on the switch (i.e. 'aaa server radius dynamic-author')
-
Hi, thanks for the comment.
We don't have ISE in the scenario, and the DACL was sent from RADIUS to the switch (I see it in the monitoring section) but not applied on the client.
I'll apply your command and get back.
-
My bad.. I meant ACS but the idea is the same
-
Hi,
I checked your command and the problem is not solved.
Is the IOS of the sw3750 important?
My IOS is sw3750 ipbase-mz.12.2.50.se5.
I upgraded to another IOS and again it does not work.
What is your suggestion?
Thanks
-
The IOS should be at least 12.2.55 I believe. So when you run debug radius on the switch, do you see the ACL being received from ACS?