Thx Brandon. My understanding is that it is not necessary to have a restrictive ACL on the port to be configured as we do for NAC or Auth-proxy.
It would be great if you can post a sample interface configuration configured for dot1x user based ACL.

With regards
Kings

On Sat, Apr 10, 2010 at 12:14 AM, Brandon Carroll <[email protected]> wrote:

> Kings,
>
> Query # 3: It's a port based ACL:
>
> The switch applies the attributes to the IEEE 802.1x port for the duration of the user session. The switch removes the per-user ACL configuration when the session is over, if authentication fails, or if a link-down condition occurs.
>
> Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
> Mailto: [email protected]
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> On Apr 9, 2010, at 9:59 AM, Kingsley Charles wrote:
>
> Hi all
>
> I need clarification on 802.1x per User ACLs
>
> Please refer to the following section of the given link:
>
> Using IEEE 802.1x Authentication with Per-User ACLs
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html
>
> *Query 1*
>
> Please let me know the correct format that we should enter in the cisco av pair box.
>
> inacl#1=permit ip any any (mentioned in the above given link)
>
> or
>
> ip:inacl#1=permit ip any any (mentioned in IPexpert Vol 2 Lab 3 section 5.3)
>
> *Query 2*
>
> Is it required to configure a restrictive ACL as we do for NAC and then the downloaded ACLs are added on the top of the restrictive ACL?
>
> *Query 3*
>
> My understanding is that these are port ACLs not routed ACLs. Please confirm.
>
> With regards
> Kings
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
