Hi all In the Identity profiles, there is an option to un-authorize the client. If I configure to un-authorize the client, the eou logging displays that client authorized. You can see the logging below. Why is the client getting authorized inspite of defining it as un-authorized?
router2(config-identity-prof)#device ? authorize Configure an authorized device not-authorize Configure an unauthorized device router2(config-identity-prof)#device no router2(config-identity-prof)#device not-authorize ? ip-address Specify a device by its IP address mac-address Specify a device by its MAC address type Specify a device by its type router2(config-identity-prof)#device not-authorize ip-address 10.20.30.46 router2(config-identity-prof)# *Jul 16 02:47:37.835: %EOU-6-POSTURE: IP=10.20.30.46| HOST=AUTHORIZED| Interface =GigabitEthernet0/1 *Jul 16 02:47:37.835: %EOU-6-AUTHTYPE: IP=10.20.30.46| AuthType=STATIC Also, just configuring to authorize client as following, doesn't make sense without having an identify policy defined. With the following configuration it gets authorized, but still is being restricted with the access-list associated to the interface. Am I missing something? router2(config-identity-prof)#device authorize ip-address 10.20.30.46 With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
