https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545505#M426616 <HTML><HEAD></HEAD><BODY><P>It is windows XP running a ssh client to connect to the Cisco devices. The downloadable access-list is ceated using Cisco ACS server. Thanks for your help</P></BODY></HTML> Thu, 24 Aug 2006 15:27:04 GMT kanwar 2006-08-24T15:27:04Z https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545503#M426590 <P>HI,</P><P></P><P>I have created a one line downloadble access-list in Cisco ACS to deny a host. deny tcp any host 192.168.115.1 eq 22 and assinged it to a user and group. when I try ssh it should be denied but it works. Thx for the help in advance</P> Sun, 10 Mar 2019 21:43:27 GMT https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545503#M426590 kanwar 2019-03-10T21:43:27Z https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545504#M426601 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>What platform is requesting the ACL? is the ACL actually downloading? (show access-lists should show an access-list starting with #ACSACL#).</P><P></P><P>Do you have the keyword "per-user-override" defined on the access-group?</P><P></P><P>HTH</P><P>Andrew.</P><P></P><P></P></BODY></HTML> Thu, 24 Aug 2006 11:21:46 GMT https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545504#M426601 andrew.burns 2006-08-24T11:21:46Z https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545505#M426616 <HTML><HEAD></HEAD><BODY><P>It is windows XP running a ssh client to connect to the Cisco devices. The downloadable access-list is ceated using Cisco ACS server. Thanks for your help</P></BODY></HTML> Thu, 24 Aug 2006 15:27:04 GMT https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545505#M426616 kanwar 2006-08-24T15:27:04Z https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545506#M426625 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>A downloadable acl can only be downloaded to an aaa-client that supports it (i.e. pix/asa/router/etc.) so I was just wondering what aaa-client is configured to request the ACL?</P><P></P><P>Andrew.</P></BODY></HTML> Fri, 25 Aug 2006 07:41:28 GMT https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545506#M426625 andrew.burns 2006-08-25T07:41:28Z https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545507#M426628 <HTML><HEAD></HEAD><BODY><P>There's a few things you can check</P><P></P><P>1) the device is typed in the network config correctly... must be a device that supports DACLs.</P><P></P><P>2) If you run csradius -z -p from the command line you should see the access accept include a Cisco VSA that gives the device the name of the DSCL</P><P></P><P>3) You should then see a further access request from the device to pull down the DACL content.</P><P></P><P>Darran</P></BODY></HTML> Fri, 25 Aug 2006 18:47:15 GMT https://community.cisco.com/t5/network-access-control/downloadable-access-list/m-p/545507#M426628 darpotter 2006-08-25T18:47:15Z