10-23-2016 02:29 PM - edited 03-11-2019 12:10 AM
Could somebody please elaborate on the differences between a per-user ACL and a downloadable ACL (dACL) in plain English?
I tried to find information about both in the Cisco docs, but I can't really find the key differences, as both seem to be set in the RADIUS reply coming from the authentication server.
10-24-2016 12:56 AM
Hi Philip,
Just a couple of thoughts that might help...and please comment if you disagree...
You are quite right that a per-user ACL and a dACL are set by RADIUS.
A per-user ACL can be a type of dACL, because you can 'download' a specific ACL per user or per group.
So if you think of it that way, there is really no big difference.
Also, a per-user ACL doesn't have to be downloaded; it can be a pre-configured ACL on the (NAS) device, and the RADIUS reply can just include the name of the ACL to apply.
Maybe if you give an implementation example, someone can help more in depth.
Ciao
JC
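Added example, not part of the original posts: a small Python classifier showing the three ways a RADIUS Access-Accept can deliver an ACL, as described in the reply above (a name of an ACL already on the NAS, ACL entries carried inline per user, or a reference to a downloadable ACL). It assumes the usual Cisco attribute conventions (`Filter-Id`, `ip:inacl#<n>=` and `ACS:CiscoSecure-Defined-ACL=` in `Cisco-AVPair`), which the thread itself does not spell out; the ACL names, addresses and version suffix are constructed sample values.

```python
import re

# Constructed Access-Accept attribute lists (name, value) for illustration only.
SAMPLES = {
    "named": [("Filter-Id", "GUEST_ACL")],
    "per_user": [
        ("Cisco-AVPair", "ip:inacl#20=deny ip any any"),
        ("Cisco-AVPair", "ip:inacl#10=permit tcp any host 10.0.0.5 eq 443"),
    ],
    "dacl": [("Cisco-AVPair",
              "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-EMPLOYEE-0a1b2c3d")],
}

INLINE_ACE = re.compile(r"^ip:(in|out)acl#(\d+)=(.+)$")
DACL_REF = re.compile(r"^ACS:CiscoSecure-Defined-ACL=(#ACSACL#-IP-.+)$")

def classify(attrs):
    """Return a list of (delivery_method, detail) found in one Access-Accept."""
    aces, found = [], []
    for name, value in attrs:
        if name == "Filter-Id":
            # Only a name travels over RADIUS; the ACL body must already be
            # configured on the NAS, otherwise there is nothing to apply.
            found.append(("named", value))
        elif name == "Cisco-AVPair":
            m = INLINE_ACE.match(value)
            if m:
                # The ACL entries themselves are in the reply, one per AV pair.
                aces.append((int(m.group(2)), m.group(3)))
                continue
            m = DACL_REF.match(value)
            if m:
                # Only a reference is sent; the NAS fetches the entries from
                # the server in a separate RADIUS exchange using this name.
                found.append(("downloadable", m.group(1)))
    if aces:
        # Sequence numbers define the order, not the order of the AV pairs.
        found.append(("per_user_inline", [ace for _, ace in sorted(aces)]))
    return found

if __name__ == "__main__":
    for label, attrs in SAMPLES.items():
        print(label, classify(attrs))
```
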
10-24-2016 07:30 AM
This is a good document for checking the difference.
http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/119374-technote-dacl-00.html#anc14
Regards
Gagan
PS: rate if it helps!!!