Kings, Query # 3: Its a port based ACL:
The switch applies the attributes to the IEEE 802.1x port for the duration of the user session. The switch removes the per-user ACL configuration when the session is over, if authentication fails, or if a link-down condition occurs. Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com On Apr 9, 2010, at 9:59 AM, Kingsley Charles wrote: > Hi all > > I need clarification on 802.1x per User ACLs > > Please refer the following section of the given link: > > Using IEEE 802.1x Authentication with Per-User ACLs > > http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html > > Query 1 > > Please let me know the correct format that we should enter in the cisco av > pair box. > > inacl#1=permit ip any any (mentioned in the above given link) > > or > > ip:inacl#1=permit ip any any (mentioned in IPexprt Vol 2 Lab 3 section 5.3) > > > Query 2 > > Is it required to configured a restrictive ACL as we do for NAC and then the > downloaded ACLs are added on the top of the restrictive ACL? > > Query 3 > > My understanding is that these are port ACLs not routed ACLs. Please confirm. > > > > With regards > Kings > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
