Solved: Re: ISE DACL not installed on 3560 switch

networker4424 · ‎04-11-2019

Hello,

We are trying to configure a 3560 series switch with ISE 2.4 to test web authentication. so far I can confirm that the ISE is sending the DACL back to the switch in access accept but when I check the switch the DACL is not applied to the switch port.

Attached are the packets capture from switch to ISE and vice versa.

Any pointers on how to resolve this would be great.

The switch IOS version is 15.0.

Thanks,

Ali

paul · ‎04-11-2019

DACLs show up under the "show auth session" details or "show access-session" details for the interface. Depending on the version of code you can see the composite ACL on the port by doing "show ip access-list interface <gig x/y>". If you don't have IP device tracking enabled and the IP is not being learned the DACL won't get applied. Again "show auth session" details or "show access-session" details would tell if you if the IP address is being learned.

View solution in original post

networker4424 · ‎04-15-2019

Thank you Paul, that resolved the issue.

View solution in original post

paul · ‎04-11-2019

DACLs show up under the "show auth session" details or "show access-session" details for the interface. Depending on the version of code you can see the composite ACL on the port by doing "show ip access-list interface <gig x/y>". If you don't have IP device tracking enabled and the IP is not being learned the DACL won't get applied. Again "show auth session" details or "show access-session" details would tell if you if the IP address is being learned.

networker4424 · ‎04-15-2019

Thank you Paul, that resolved the issue.