Hi all - I would like verification or correction on how I have come to understand dACLs are used in ISE:
- dACLs are only used for the "Access-Accept" access type.
- If a client fails authentication, it is bound by the default port ACL on the switch. (no "deny all" or other dACL is downloaded).
So, a couple questions:
- What is the purpose of the "Access-Reject" access type for wired clients since the switch port ACL is the default?
- Why is there an option to choose a dACL for the "Access-Reject" access type?
Thanks,
Chris Kaufman