https://community.cisco.com/t5/network-access-control/cisco-ise-2-3-default-deny-access/m-p/3196924#M552431 <P>Hello guys, I noticed that the default deny access ACL does not be (push) download on the interface from the Cisco ISE server. when a default rule on the authorization policy is matched with a denyAccess ACL. The device has an access on the network and also when I check which ACL is applied on the current device interface, we noticed that there is no ACL on the interface though the radius live logs show that the default rule is matched with a DenyAccess ACL. And on the switch with the <STRONG>sh authentication session interface Gy/x,&nbsp;</STRONG>we see that<STRONG> Dot1x and MAB are failed</STRONG>.&nbsp;</P> Fri, 21 Feb 2020 18:35:49 GMT mdjan 2020-02-21T18:35:49Z https://community.cisco.com/t5/network-access-control/cisco-ise-2-3-default-deny-access/m-p/3196924#M552431 <P>Hello guys, I noticed that the default deny access ACL does not be (push) download on the interface from the Cisco ISE server. when a default rule on the authorization policy is matched with a denyAccess ACL. The device has an access on the network and also when I check which ACL is applied on the current device interface, we noticed that there is no ACL on the interface though the radius live logs show that the default rule is matched with a DenyAccess ACL. And on the switch with the <STRONG>sh authentication session interface Gy/x,&nbsp;</STRONG>we see that<STRONG> Dot1x and MAB are failed</STRONG>.&nbsp;</P> Fri, 21 Feb 2020 18:35:49 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-2-3-default-deny-access/m-p/3196924#M552431 mdjan 2020-02-21T18:35:49Z