Solved: Question about 802.1x and DACL

jeremytetart · ‎04-03-2021

Hi Guys,

After read some Cisco documentation, I have questions for you about the relation between 802.1x and DACL.

If I want to push DACL on a Cisco Switch from ISE node, do I need to enable 802.1x command on the switch ?

In fact, I'm asking me which command is pre-requisite for enable DACL on Cisco switch ?

I know that the command ip device tracking is needed.

But do I need to run these commands :

dot1x system-auth-control
radius-server vsa send authentication
radius-server vsa send accounting
radius-server attribute 6/8/25

If someone can explain me which commands are a pre-requisite and which commands are optional and why ?

Regards.

Francesco Molino · ‎04-03-2021

Hi

dACLs are being pushed by ISE following an authorization. This means you can have dACL for a VPN authorization, switch 802.1x authorization… In any ways, you will need to have an authorization going on.

All commands you mentioned are for 802.1x authentication.

A good site to show what are all commands for for your knowledge: http://www.network-node.com/blog/2015/12/30/switch-configuration-for-dot1x

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎04-03-2021

Hi

dACLs are being pushed by ISE following an authorization. This means you can have dACL for a VPN authorization, switch 802.1x authorization… In any ways, you will need to have an authorization going on.

All commands you mentioned are for 802.1x authentication.

A good site to show what are all commands for for your knowledge: http://www.network-node.com/blog/2015/12/30/switch-configuration-for-dot1x

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

jeremytetart · ‎04-14-2021

Thank Francesco for your reply ^^.