08-10-2004 04:50 AM - edited 03-10-2019 07:57 AM
Hi,
I authenticate a Windows XP machine through a 3550 switch with a Windows 2003 RADIUS server using 802.1X EAP.
The authentication of the machine is OK, and the switch applies the attributes to the 802.1X port: a VLAN ID and a per-user ACL.
When the per-user ACL is ip:inacl it's OK, but when it is an ip:outacl, the per-user ACL is not applied:
%DOT1X-5-ERR_PER_USR_IP_ACL: Applied per-user IP ACL was unsuccessful on interface FastEthernet0/24.
Thank you in advance for your responses.
08-10-2004 06:26 AM
Sorry, I sent the previous message too quickly; I found the solution. It's simply because on a Layer 2 interface on a 3550 with the "switchport" command, you can apply an outbound ACL.
08-10-2004 06:44 AM
A Layer 2 interface for the 3550 can have only one IP ACL applied (in the inbound direction). A Layer 3 interface can have one IP ACL applied in each direction.
In other words, you shouldn't be able to configure it from the CLI, so trying to perform the technical equivalent via 802.1x and RADIUS will not work either.
Hope this helps.
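A pre-deployment check for the constraint described in the reply above, as an added example that is not part of the original thread: it scans the Cisco AV pairs of a RADIUS profile and reports per-user ACL lines that a port of the given mode cannot apply. The names `lint_profile` and `SAMPLE_PROFILE` are hypothetical, the `#<n>=` sequence-number form of the attribute is an assumption about how the profile is written, and the sample values are constructed.

```python
import re

# Per-user ACL lines carried in Cisco AV pairs, e.g. "ip:inacl#10=permit ip any any".
# Assumption: each line is written as ip:<direction>[#<sequence>]=<ACE>.
AVPAIR_RE = re.compile(r"^ip:(inacl|outacl)(?:#(\d+))?=(\S.*)$", re.IGNORECASE)

# Directions a per-user IP ACL can take on a 3550, as stated in the reply above:
# Layer 2 (switchport) interfaces are inbound only, Layer 3 interfaces allow both.
ALLOWED = {"layer2": {"inacl"}, "layer3": {"inacl", "outacl"}}


def lint_profile(avpairs, port_mode):
    """Return (avpair, reason) tuples for ACL attributes the port cannot apply."""
    allowed = ALLOWED[port_mode]  # KeyError for an unknown port mode
    findings = []
    for raw in avpairs:
        value = raw.strip()
        if not value.lower().startswith(("ip:inacl", "ip:outacl")):
            continue  # some other AV pair, not a per-user ACL line
        match = AVPAIR_RE.match(value)
        if match is None:
            findings.append((value, "malformed per-user ACL attribute"))
            continue
        direction = match.group(1).lower()
        if direction not in allowed:
            findings.append((value, f"{direction} not supported on a {port_mode} port"))
    return findings


# Constructed sample profile (documentation address range, not real data).
SAMPLE_PROFILE = [
    "shell:priv-lvl=15",
    "ip:inacl#10=permit ip any host 192.0.2.10",
    "ip:inacl#20=deny ip any any",
    "ip:outacl#10=permit ip host 192.0.2.10 any",
    "ip:outacl#20=",
]

if __name__ == "__main__":
    for mode in ("layer2", "layer3"):
        for avpair, reason in lint_profile(SAMPLE_PROFILE, mode):
            print(f"{mode}: {avpair!r}: {reason}")
```

Running the check against the profile before assigning it to 802.1X ports surfaces the mismatch that otherwise only appears as the `%DOT1X-5-ERR_PER_USR_IP_ACL` message at authentication time.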