https://community.cisco.com/t5/network-access-control/dacl-validation/m-p/3745782#M488301 <P>Hi,&nbsp;</P> <P>&nbsp;</P> <P>Thanks for the update.</P> <P>I have validated it in ISE and it is showing an Valid dACL.</P> <P>&nbsp;</P> <P>However, in ISE it only checks the Syntax and I am more concerned about multiple ports mentioned in same line for few of the IP's as mentioned in dACL.&nbsp;</P> <P>&nbsp;</P> <P>Regards,</P> <P>Sadashiv</P> Tue, 13 Nov 2018 14:28:48 GMT sadashivpalde 2018-11-13T14:28:48Z https://community.cisco.com/t5/network-access-control/dacl-validation/m-p/3745663#M488298 <P>Hello All,</P> <P>We are&nbsp;having ISE2.4 Patch1 in deployment with Cisco WS-C2960+48TC-L {IOS v15.2(4)E6}.</P> <P>&nbsp;</P> <P>We&nbsp;want to use&nbsp;dACL for Non-Compliant Endpoints with limited access.</P> <P>We used dACL of 67 lines, the dACL gets applied on interface, but something goes wrong and everything is permitted for non-compliant endpoint.</P> <P>&nbsp;</P> <P>Now, we reduced the same dACL in below format upto 41 lines, want to verify if this dACL is valid and will work??</P> <P>&nbsp;</P> <P>permit tcp any host 10.1.x.x eq 53<BR />permit udp any host 10.225.x.x eq 53<BR />permit tcp any host 10.1.<SPAN>x.x</SPAN> eq 53<BR />permit udp any host 10.225.<SPAN>x.x</SPAN>&nbsp;eq 53<BR />permit udp any eq bootpc any eq bootps<BR />permit udp any eq bootps any eq bootpc <BR />permit ip any 10.227.254.0 0.0.0.255<BR />permit ip any 10.225.254.0 0.0.0.255<BR />permit tcp any any eq 52311<BR />permit udp any any eq 52311<BR />permit tcp any any eq 888<BR />permit ip any host 10.225.x.x<BR />permit tcp any any eq 445<BR />permit ip any host 10.226.x.x<BR />permit ip any host 10.226.x.x<BR />permit ip any host 10.227.x.x<BR />permit ip any host 10.227.x.x<BR />permit tcp any any eq 2967<BR />permit ip any host 10.226.x.x<BR />permit ip any host 10.226.x.x<BR />permit ip any host 10.225.x.x<BR />permit ip any host 172.18.x.x<BR />permit ip any host 10.226.x.x<BR />permit ip any host 10.225.x.x<BR />permit tcp any host 10.1.x.x eq 389 88 445 135 3268 636 3269 464<BR />permit udp any host 10.1.x.x eq 389 88 445 123 138 137 464<BR />permit tcp any host 10.225.x.x eq 389 88 445 135 3268 636 3269 464 <BR />permit udp any host 10.225.x.x eq 389 88 445 123 138 137 464<BR />permit tcp any host 10.1.33.x range 49152 65535<BR />permit tcp any host 10.225.x.x range 49152 65535<BR />permit tcp any host 10.1.x.x range 1024 5000 <BR />permit tcp any host 10.225.x.x range 1024 5000 <BR />permit tcp any host 10.226.<SPAN>x.x</SPAN> eq 80<BR />permit tcp any host 10.225.<SPAN>x.x</SPAN>&nbsp;eq 80<BR />permit tcp any host 10.226.<SPAN>x.x</SPAN> eq 80 443<BR />permit tcp any host 10.225.<SPAN>x.x</SPAN> eq 81 443<BR />permit tcp any host 10.226.<SPAN>x.x</SPAN> eq 80<BR />permit tcp any host 10.226.<SPAN>x.x</SPAN> eq 80<BR />permit tcp any host 10.225.<SPAN>x.x</SPAN> eq 8014<BR />permit tcp any host 10.225.<SPAN>x.x</SPAN> eq 8014<BR />deny ip any any</P> <P>&nbsp;</P> <P>Thanks in Advance!!</P> <P>&nbsp;</P> <P>Regards,</P> <P>Sadashiv</P> Tue, 13 Nov 2018 10:47:17 GMT https://community.cisco.com/t5/network-access-control/dacl-validation/m-p/3745663#M488298 sadashivpalde 2018-11-13T10:47:17Z https://community.cisco.com/t5/network-access-control/dacl-validation/m-p/3745704#M488300 <P>Hi , you can always check DaCL validation by ISE</P> Tue, 13 Nov 2018 12:22:55 GMT https://community.cisco.com/t5/network-access-control/dacl-validation/m-p/3745704#M488300 ognyan.totev 2018-11-13T12:22:55Z https://community.cisco.com/t5/network-access-control/dacl-validation/m-p/3745782#M488301 <P>Hi,&nbsp;</P> <P>&nbsp;</P> <P>Thanks for the update.</P> <P>I have validated it in ISE and it is showing an Valid dACL.</P> <P>&nbsp;</P> <P>However, in ISE it only checks the Syntax and I am more concerned about multiple ports mentioned in same line for few of the IP's as mentioned in dACL.&nbsp;</P> <P>&nbsp;</P> <P>Regards,</P> <P>Sadashiv</P> Tue, 13 Nov 2018 14:28:48 GMT https://community.cisco.com/t5/network-access-control/dacl-validation/m-p/3745782#M488301 sadashivpalde 2018-11-13T14:28:48Z