Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
875
Views
10
Helpful
4
Replies

Configure downloadable ACL

Go to solution
apocalypse_nsl
Level 1
Level 1

‎04-18-2013 12:47 AM - edited ‎03-10-2019 08:19 PM

Dear all,

I have configure 802.1x with downloadable ACL on IOS version 12.2(52)SE and 12.2(55)SE4, I found there are some different behavior.

On 12.2(52)SE, I need to create a default ACL and apply the ACL on interface.

On 12.2(55)SE4, there is no need to create a default ACL not to apply on interface.

I check the configuration guide, seems the default acl must configure on interface.

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1316124

Anyone know it is an enhancement on Cisco IOS?

Regards,

Alan

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎04-18-2013 04:53 PM

Yes the behaviour has been changed. Starting in 12.2(55)SE, you don't have to configure a static default ACL.  Here is a reference URL. This is documented in the same URL you posted.

Beginning with Cisco IOS Release 12.2(55)SE, if you do not configure a static ACL on a port, a dynamic Auth-Default-ACL is created and its policies are enforced before dACLs are downloaded and applied.

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1322067

Jatin Katyal


- Do rate helpful posts -

~Jatin

View solution in original post

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to apocalypse_nsl

‎04-18-2013 06:53 PM

It happens.

Could you please mark this thread "RESOLVED" so that others can take benefits out of it.

Regards,

Jatin Katyal

~Jatin

View solution in original post

4 Replies 4

Go to solution
apocalypse_nsl
Level 1
Level 1

‎04-18-2013 10:49 AM

Anyone konw??

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎04-18-2013 04:53 PM

Yes the behaviour has been changed. Starting in 12.2(55)SE, you don't have to configure a static default ACL.  Here is a reference URL. This is documented in the same URL you posted.

Beginning with Cisco IOS Release 12.2(55)SE, if you do not configure a static ACL on a port, a dynamic Auth-Default-ACL is created and its policies are enforced before dACLs are downloaded and applied.

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1322067

Jatin Katyal


- Do rate helpful posts -

~Jatin

Go to solution
apocalypse_nsl
Level 1
Level 1
In response to Jatin Katyal

‎04-18-2013 06:48 PM

I overlook the document. Thanks, Jatin.

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to apocalypse_nsl

‎04-18-2013 06:53 PM

It happens.

Could you please mark this thread "RESOLVED" so that others can take benefits out of it.

Regards,

Jatin Katyal

~Jatin
Customers Also Viewed These Support Documents