Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1858
Views
5
Helpful
2
Replies

per-user acl vs dacl

philipp.kreidl1
Level 1
Level 1

‎10-23-2016 02:29 PM - edited ‎03-11-2019 12:10 AM

Could somebody please elaborate the differences between a per-user acl and a downloadable ACL (dacl) in plain english?

I tried to find information about both in the cisco docs but I can't really find the key differences as both seem to be set in the radius reply coming from the authentication server.

1 person had this problem
Labels:
0 Helpful
2 Replies 2

jcockburn
Level 1
Level 1

‎10-24-2016 12:56 AM

Hi Philip,

Just a couple of thoughts that might help...and please comment if you disagree...

You are quite right that a per-user acl and dacl are set by radius.

A per-user acl can be a type of dacl, because you can 'download' a specific acl per user or per group.

So if you think of that there is really not big difference.

Also, a per-user acl dont have to be downloaded, it can be a pre-configured acl on the (NAS) device and the radius reply can just include the name of the acl to apply.

Maybe if you give an implementation example someone can maybe help more in depth.

Ciao

JC

0 Helpful

Gagandeep Singh
Cisco Employee
Cisco Employee

‎10-24-2016 07:30 AM

This is the good document for checking the difference.

http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/119374-technote-dacl-00.html#anc14

Regards

Gagan

ps : rate if it helps!!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents