per-user acl vs dacl

Could somebody please elaborate on the differences between a per-user acl and a downloadable ACL (dacl) in plain English?

I tried to find information about both in the Cisco docs, but I can't really find the key differences, as both seem to be set in the radius reply coming from the authentication server.

Beginner

Hi Philip,

Just a couple of thoughts that might help...and please comment if you disagree...

You are quite right that a per-user acl and dacl are set by radius.

A per-user acl can be a type of dacl, because you can 'download' a specific acl per user or per group.

So if you think of it that way, there is really no big difference.

Also, a per-user acl doesn't have to be downloaded; it can be a pre-configured acl on the (NAS) device, and the radius reply can just include the name of the acl to apply.

Maybe if you give an implementation example someone can maybe help more in depth.

Ciao

JC
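
As an added illustration (not part of either reply, and not Cisco's code), the sketch below sorts the attributes of a RADIUS Access-Accept into the cases described above: an ACL named in the reply that is already configured on the NAS, ACL entries carried in the reply itself, and a dACL that the NAS fetches by name. The attribute names (`Filter-Id`, and `Cisco-AVPair` values starting with `ip:inacl#N=` or `ACS:CiscoSecure-Defined-ACL=`) are the usual Cisco conventions and are assumptions not stated in the thread; all sample values are constructed.

```python
import re

# Assumed attribute conventions (not quoted in the thread).
DACL_PREFIX = "ACS:CiscoSecure-Defined-ACL="
INLINE_ACE = re.compile(r"^ip:(?:inacl|outacl)#(\d+)=(.+)$")

def classify_reply(attrs):
    """Split Access-Accept (name, value) pairs by ACL delivery mechanism."""
    found = {"named": [], "per_user": [], "dacl": []}
    for name, value in attrs:
        key = name.lower()
        if key == "filter-id":
            # Only a name travels; the entries must already exist on the NAS.
            found["named"].append(value)
        elif key == "cisco-avpair":
            if value.startswith(DACL_PREFIX):
                # Only a name travels; the NAS requests the entries separately.
                found["dacl"].append(value[len(DACL_PREFIX):])
            else:
                m = INLINE_ACE.match(value)
                if m:
                    # The entries themselves travel in this reply.
                    found["per_user"].append((int(m.group(1)), m.group(2)))
    found["per_user"].sort()  # entries apply in sequence-number order
    return found

def mechanisms(attrs):
    """Return the sorted list of mechanisms present in one reply."""
    return sorted(k for k, v in classify_reply(attrs).items() if v)

# Constructed sample replies (not captured from a real server).
NAMED = [("Filter-Id", "GUEST-ACL")]
PER_USER = [
    ("Cisco-AVPair", "ip:inacl#2=deny ip any any"),
    ("Cisco-AVPair", "ip:inacl#1=permit tcp any host 192.0.2.10 eq 443"),
]
DACL = [("Cisco-AVPair", "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-EXAMPLE-0000")]

if __name__ == "__main__":
    for label, reply in (("named", NAMED), ("per-user", PER_USER), ("dacl", DACL)):
        print(label, mechanisms(reply), classify_reply(reply))
```

For auditing, the practical difference is where the entries live: on each NAS for a named ACL, and on the authentication server for the other two.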

Cisco Employee

This is a good document for checking the difference.

http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/119374-technote-dacl-00.html#anc14

Regards

Gagan

PS: rate if it helps!!!