DACL not applying to switch port
04-16-2025 06:26 AM
Hey Team,
Having issues pushing a DACL to a Cisco switch. On ISE, it shows authentication succeeded, but on the switch it shows authz failed. We have properly applied CoA on the switch. As soon as we remove the DACL and enforce a VLAN, everything starts to work.
Did anyone face the same issue before?
On the switch, we see the following logs:
*Apr 16 18:40:49.382: dot1x-sm:[5000.0010.0000, Et0/1] 0xC5000009:entering idle state
*Apr 16 18:40:49.382: dot1x-sm:[5000.0010.0000, Et0/1] Posting AUTH_SUCCESS on Client 0xC5000009
*Apr 16 18:40:49.382: dot1x_auth Et0/1: during state auth_authenticating, got event 12(authSuccess_portValid)
*Apr 16 18:40:49.382: @@@ dot1x_auth Et0/1: auth_authenticating -> auth_authc_result
*Apr 16 18:40:49.382: dot1x-sm:[5000.0010.0000, Et0/1] 0xC5000009:exiting authenticating state
*Apr 16 18:40:49.382: dot1x-sm:[5000.0010.0000, Et0/1] 0xC5000009:entering authc result state
*Apr 16 18:40:49.382: dot1x-packet:[5000.0010.0000, Et0/1] EAP Key data detected adding to attribute list
*Apr 16 18:40:49.392: dot1x-ev:[5000.0010.0000, Et0/1] Received Authz fail (result: 3) for the client 0xC5000009 (5000.0010.0000)
*Apr 16 18:40:49.392: dot1x-sm:[5000.0010.0000, Et0/1] Posting_AUTHZ_FAIL on Client 0xC5000009
*Apr 16 18:40:49.392: dot1x_auth Et0/1: during state auth_authc_result, got event 22(authzFail)
*Apr 16 18:40:49.392: @@@ dot1x_auth Et0/1: auth_authc_result -> auth_held
*Apr 16 18:40:49.392: dot1x-sm:[5000.0010.0000, Et0/1] 0xC5000009: held
Labels: AAA, Identity Services Engine (ISE)
04-16-2025 06:31 AM
@pavit-gulati is device tracking configured on the switch? Please provide the full configuration for review.
04-16-2025 06:34 AM
Does your dACL validate properly on ISE? What is the NAD?
04-19-2025 06:42 AM
Is this issue solved?
MHM
