04-11-2019 03:10 AM
Hello,
We are trying to configure a 3560 series switch with ISE 2.4 to test web authentication. So far I can confirm that the ISE is sending the DACL back to the switch in the access accept, but when I check the switch the DACL is not applied to the switch port.
Attached are the packet captures from switch to ISE and vice versa.
Any pointers on how to resolve this would be great.
The switch IOS version is 15.0.
Thanks,
Ali
04-11-2019 06:16 AM
DACLs show up under the "show auth session" details or "show access-session" details for the interface. Depending on the version of code, you can see the composite ACL on the port by doing "show ip access-list interface <gig x/y>". If you don't have IP device tracking enabled and the IP is not being learned, the DACL won't get applied. Again, "show auth session" details or "show access-session" details would tell you if the IP address is being learned.
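The check described in the answer above, as an added example that is not part of the original post: a small Python triage of saved session-detail output that separates "DACL downloaded but client IP not learned" from a session where the DACL can be applied. The sample text is constructed, and the field labels (`Status`, `IP Address`, `ACS ACL`) are assumptions about the output layout, which differs between releases.

```python
import re

# Constructed sample of per-interface session details (illustrative values,
# not taken from the thread's switch or its packet captures).
SAMPLE_NO_IP = """\
            Interface:  GigabitEthernet0/1
          MAC Address:  0050.56aa.bb01
           IP Address:  Unknown
               Status:  Authz Success
              ACS ACL:  xACSACLx-IP-WEBAUTH_DACL-5caf0000
"""
SAMPLE_OK = SAMPLE_NO_IP.replace("Unknown", "192.0.2.25")

# Next step for each verdict, following the reasoning in the answer.
HINTS = {
    "not-authorized": "Session is not authorized; check the RADIUS exchange first.",
    "no-dacl-in-session": "No DACL recorded for the session; check the ISE authorization result.",
    "dacl-received-ip-not-learned": "DACL present but no client IP; check IP device tracking.",
    "dacl-applicable": "DACL and client IP present; inspect the composite ACL on the port.",
}

def parse_session(text):
    """Turn 'Label:  value' lines into a dict keyed by lower-case label."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?):\s+(\S.*)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def diagnose(text):
    """Return a verdict key from HINTS for one session's detail output."""
    s = parse_session(text)
    if s.get("status") != "Authz Success":
        return "not-authorized"
    if "acs acl" not in s:  # assumed label for the downloaded ACL
        return "no-dacl-in-session"
    if s.get("ip address", "Unknown").lower() == "unknown":
        return "dacl-received-ip-not-learned"
    return "dacl-applicable"

if __name__ == "__main__":
    for name, sample in (("no-ip", SAMPLE_NO_IP), ("ok", SAMPLE_OK)):
        verdict = diagnose(sample)
        print(f"{name}: {verdict} -> {HINTS[verdict]}")
```
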
04-15-2019 03:21 AM
Thank you Paul, that resolved the issue.