05-26-2020 11:51 PM - edited 05-26-2020 11:53 PM
So I was testing a new ACL and DACL, and noticed that when I did a shut and no shut on the port where my lab host was, the machine would lose its DHCP address, but after 10 seconds it would regain the IP and then 1 sec later lose it again.
This just repeats. But when I remove the line authentication control-direction in, it works fine.
I have this line on all my Dot1x ports.
And this hasn't happened before.
Am I missing something when I am adding ACL/DACLs on the port?
05-28-2020 06:27 AM
05-27-2020 05:52 AM
05-28-2020 12:02 AM
Hi Mike
FYSA? I don't understand that one :)
So I already have an ACL
interface GigabitEthernet0/2
 description 802.1X
 switchport access vlan 32
 switchport mode access
 switchport voice vlan 14
 ip access-group Pre-ISE in
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 2
 spanning-tree portfast
 spanning-tree bpduguard enable
ip access-list extended Pre-ISE
 permit icmp any any
 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
(this is just a test ACL)
And then I have a DACL that is an any any.
What I want is that if an infected client connects to my network, it would not be able to use vlan 32 to spread to other clients on that network, even if most other clients will be verified and move to another vlan.
And that seems to kinda work, until in this lab I connect a PC, and the PC keeps losing the connection
until I remove the "authentication control-direction in".