I have an Auth Profile with DACL attached (permit all traffic) which looks to be working OK, but my query is - How do I view and confirm that the DACL is on the switch?
I see the following on the switch -
SW-TEST-01
#sh authentication sessions interface gi3/0/45 de
Interface: GigabitEthernet3/0/45
IIF-ID: 0x1033AC0000001C4
MAC Address: f01f.af4e.f281
IPv6 Address: Unknown
IPv4 Address: 10.44.21.83
User-Name: xxxxxxxxx
Status: Authorized
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Session Uptime: 11s
Common Session ID: 0A2C0031000065CE7DC150DA
Acct Session ID: 0x0000656E
Handle: 0xCF000055
Current Policy: POLICY_Gi3/0/45
SW-TEST-01#sh ip access-lists interface gi3/0/45
SW-TEST-01
From the Radius logs I can see the following and it says - Added the dACL specified in the Authorization Profile but I am unsure where to confirm this is indeed being pushed down.
| NAS Port Id |
GigabitEthernet3/0/45 |
| NAS Port Type |
Ethernet |
| Authorization Profile |
Corporate User Auth |
| 24439 |
Machine Attributes retrieval from Active Directory succeeded |
| |
24422 |
ISE has confirmed previous successful machine authentication for user in Active Directory |
| |
15036 |
Evaluating Authorization Policy |
| |
15048 |
Queried PIP |
| |
24432 |
Looking up user in Active Directory - xxxxxxxx |
| |
24355 |
LDAP fetch succeeded |
| |
24416 |
User's Groups retrieval from Active Directory succeeded |
| |
15048 |
Queried PIP |
| |
15004 |
Matched rule |
| |
15016 |
Selected Authorization Profile - Corporate User Auth |
| |
11022 |
Added the dACL specified in the Authorization Profile |
| |
11503 |
Prepared EAP-Success |
| |
11002 |
Returned RADIUS Access-Accept |
