Hello, I'm currently experimenting with per-user ACLs supported with RADIUS (Microsoft NPS). First I tried the AV-Pair method; it worked nicely, and show access-list did show it applied to the interface. Then I tried the Filter-ID method, and although the ACLs work nicely, I cannot see them applied to the port by any command (show access-list, show ip access-list). For example, show ip interface comes up with: Inbound access list is not set Outgoing access list is not set. As I said, the ACLs appear to work, there is just no sign of them getting applied to the port, and for troubleshooting it would be nice to see what ACLs are applied. I like the fact that with Filter-ID I can set up ACLs like Lego pieces, but at the moment I find it difficult to troubleshoot. Thank you!
Hello, I faced a slight annoyance when setting up DHCP snooping on a standalone Catalyst 3650 switch. The setup is simple: port 1 has the client, port 2 has DHCP, and snooping is enabled and actually works as expected. Making port 2 trusted results in a successful DHCP lease for the client on port 1, and after removing trust the client cannot retrieve any DHCP address anymore. So far, so good. What bothers me is that show ip dhcp snooping statistics (detail) shows no dropped packets at all; the only counter increasing is the "packets forwarded" one (even on a failed DHCP lease attempt). I may be misinterpreting the counters here, but does anyone have a possible explanation? Thank you!