802.1X Per-User ACL with Microsoft IAS

aaffolter
Level 1

Hi,

I authenticate a Windows XP machine through a 3550 switch against a Windows 2003 RADIUS server with 802.1X EAP.

The authentication of the machine is OK; the switch applies the attributes to the 802.1X port: a VLAN ID and a per-user ACL.

When the per-user ACL is ip:inacl it's OK, but when it is an ip:outacl, the per-user ACL is not applied:

%DOT1X-5-ERR_PER_USR_IP_ACL: Applied per-user IP ACL was unsuccessful on interface FastEthernet0/24.

Thank you in advance for your responses.

2 Replies

aaffolter
Level 1

Sorry, I sent the previous message too quickly; I found the solution. It's simply because on a Layer 2 interface on a 3550 with the "switchport" command, you can apply an outbound ACL.

jafrazie
Cisco Employee

A Layer 2 interface for the 3550 can have only one IP ACL applied (in the inbound direction). A Layer 3 interface can have one IP ACL applied in each direction.

In other words, you shouldn't be able to configure it from the CLI, so trying to perform the technical equivalent via 802.1x and RADIUS will not work either.

Hope this helps.
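
The direction rule in the reply above can be checked against a RADIUS policy before it reaches the switch. This is an added example, not part of the original thread or any Cisco tooling: the function name `rejected_pairs`, the port-mode labels and the sample AV-pair values are assumptions made for illustration.

```python
import re

# Per-user ACL entries arrive as Cisco AV-pairs named ip:inacl / ip:outacl.
# The "#<n>=<ace>" layout of the sample values is an assumption of this example.
ACL_PAIR = re.compile(r"^ip:(inacl|outacl)(?:#\d+)?=(.+)$", re.IGNORECASE)

# Directions a 3550 port accepts, as stated in the reply above:
# Layer 2 takes an IP ACL inbound only, Layer 3 takes one in each direction.
ALLOWED = {"layer2": {"inacl"}, "layer3": {"inacl", "outacl"}}


def rejected_pairs(avpairs, port_mode):
    """Return the AV-pairs that a port of the given type cannot apply."""
    if port_mode not in ALLOWED:
        raise ValueError(f"unknown port mode: {port_mode!r}")
    bad = []
    for pair in avpairs:
        m = ACL_PAIR.match(pair.strip())
        if m is None:
            continue  # not a per-user IP ACL entry (e.g. a VLAN attribute)
        if m.group(1).lower() not in ALLOWED[port_mode]:
            bad.append(pair)
    return bad


# Constructed sample policy, not taken from the thread.
SAMPLE_POLICY = [
    "ip:inacl#10=permit tcp any host 192.0.2.10 eq 443",
    "ip:inacl#20=deny ip any any",
    "ip:outacl#10=permit ip any any",
]

if __name__ == "__main__":
    for mode in ("layer2", "layer3"):
        print(mode, "->", rejected_pairs(SAMPLE_POLICY, mode))
```

Any pair the function returns for `layer2` is one that would be expected to produce the `%DOT1X-5-ERR_PER_USR_IP_ACL` message quoted in the question.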