Right you are Kings. Let me see what I can come up with to share.

Regards,

Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

On Apr 9, 2010, at 7:59 PM, Kingsley Charles <[email protected]> wrote:

> Thx Brandon.
>
> My understanding is that it is not necessary to have a restrictive ACL on the
> port to be configured as we do for NAC or Auth-proxy.
>
> It would be great if you can post a sample interface configuration
> configured for dot1x user based ACL.
>
> With regards
> Kings
>
> On Sat, Apr 10, 2010 at 12:14 AM, Brandon Carroll <[email protected]>
> wrote:
> Kings,
>
> Query # 3: It's a port based ACL:
>
> The switch applies the attributes to the IEEE 802.1x port for the duration of
> the user session. The switch removes the per-user ACL configuration when the
> session is over, if authentication fails, or if a link-down condition occurs.
>
> Regards,
>
> Brandon Carroll - CCIE #23837
>
> On Apr 9, 2010, at 9:59 AM, Kingsley Charles wrote:
>
>> Hi all
>>
>> I need clarification on 802.1x per User ACLs
>>
>> Please refer to the following section of the given link:
>>
>> Using IEEE 802.1x Authentication with Per-User ACLs
>>
>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/sw8021x.html
>>
>> Query 1
>>
>> Please let me know the correct format that we should enter in the cisco av
>> pair box.
>>
>> inacl#1=permit ip any any (mentioned in the above given link)
>>
>> or
>>
>> ip:inacl#1=permit ip any any (mentioned in IPexpert Vol 2 Lab 3 section 5.3)
>>
>> Query 2
>>
>> Is it required to configure a restrictive ACL as we do for NAC and then the
>> downloaded ACLs are added on the top of the restrictive ACL?
>>
>> Query 3
>>
>> My understanding is that these are port ACLs not routed ACLs. Please confirm.
>>
>> With regards
>> Kings
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
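
A sample switch-side configuration of the kind requested in the thread, added here as an illustration; it is not from any participant in the thread or from IPexpert material. It assumes a Catalyst 3560 on the 12.2(46)SE release named in the linked guide; the RADIUS server address 192.0.2.10, the key placeholder and the port FastEthernet0/1 are made up for the example.

```cisco
! Added example: server address, key and interface are placeholders.
aaa new-model
! Authenticate 802.1x supplicants against the RADIUS server group
aaa authentication dot1x default group radius
! Network authorization lets the switch accept per-user attributes
! (the inacl#<n> entries discussed in the thread) returned by RADIUS
aaa authorization network default group radius
!
! Enable 802.1x globally
dot1x system-auth-control
!
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <RADIUS-KEY-PLACEHOLDER>
! Have the switch recognize vendor-specific attributes (cisco-av-pair)
! in authentication replies
radius-server vsa send authentication
!
interface FastEthernet0/1
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 ! No ip access-group is configured on the port, following the
 ! understanding stated in the thread that a restrictive port ACL
 ! is not required for per-user ACLs (assumption carried over from
 ! the thread, not confirmed in it).
```

The per-user entries exist on the port only for the life of the authenticated session, as the quoted reply describes, so they have to be checked while the user is still connected.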
