Re: 3750 mixed stack does not process DACL from ISE

dgaikwad · ‎01-28-2021

Hi Experts,

Setup:
ISE 2.7, single node as off now, in the process of migration.
Posture setup, ACL are configured on switch and DACL are pushed from ISE

Issue:
When using mixed stack of switches of model 3750V2 (IOS 12.2) and 3750X (IOS 15.0) models, redirection does not work and endpoint remains stuck in no policy server detected.
While if all the lines from DACL are removed and only one line wiht, permit ip any any is added, then the posture works.
The same flow works using standalong switches.

Any ideas what is missing?
Or is the mixed stack switches is something not support with ISE 2.7? Since its working a setup in production with ISE 2.2.

balaji.bandi · ‎01-29-2021

Ca you post the configuration of these device to understand the issue, also check the matrix and support some help :

https://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/119374-technote-dacl-00.html#anc6

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marcelo Morais · ‎01-29-2021

Hi @dgaikwad ,

if my understanding is correct, you are using a different Stack Switch for your test ... please use the command bellow to check who have the Master role:

show switch

Note: for reference ... Creation and Management of 3750 Stacks.

Hope this helps.

thomas · ‎01-31-2021

You are missing any Details for Reproducibility.

See the ISE Secure Wired Access Prescriptive Deployment Guide's section Web Authentication/URL Redirection and ACLs for the discussion about how they work.