Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
263
Views
0
Helpful
2
Replies

DACL get removed after some time

tungrwaga58
Level 1
Level 1

‎10-23-2024 03:20 AM

Hello, our 9200 switches with code 17.9.4a receives dacl from ise and authorize clients successfully. Based on the complaints (endpoint can access to destinations that they shouldn’t as destinations not allowed in DACL) we started to see if anything goes wrong with switches and saw that while client stays as authorized and acl is applied to client port (sh authen sess int), acl does not exist on switch when we run show ip access-list command.

Anybody has the same issue? We suspect on device tracking. If device is removed from tracking table maybe switch removes ACL too but not sure on that.

https://omegle.onl/ vshare
Labels:
0 Helpful
2 Replies 2

DanielP211
VIP Alumni
VIP Alumni

‎10-23-2024 03:37 AM

Hello!

I haven't encountered such issues. Have you tried the command sh access-list int gigX/X/X? Why would the device be removed from the device tracking table? I assume the device stays connected?

BR

****Kindly rate all useful posts*****
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎10-23-2024 05:42 AM

No issues reported above 17.9.5 - so can you check upgrading the latest IOS XE and observ

other side you can reach TAC also.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Review Cisco Networking for a $25 gift card
Top