hello guys,
in the past i tried out different virtual switches that are available with GNS3 but sadly none of them showed and processed the received DACLs, debugs did show them as being received tho..
So some weeks ago i bought a refurbished Cisco switch for the sole purpose of testing DACLs, its an ws-c3750-24ps with the latest IOS version available atm, and it seems as if DACLs are also not supported on this model.
My question is if anyone knows if i missed some particular command to enable DACLs. Ip device tracking with an source address is already enabled, debugs show that the DACL are being received,just like the virtual models.
i would also appreciate it if someone knows a suitable refurbished cisco switch model for trustsec with DACL support, since i am considering buying another model for this sole purpose.
P.s, what made me think DACLs are not supported with the model is the show authentication session interface command, ACS ACL seems to be missing.
output copy i get,
Switch#show authen sess int fa1/0/2 Interface: FastEthernet1/0/2 MAC Address: - IP Address: 192.168.10.10 User-Name: test Status: Authz Success Domain: DATA Security Policy: Should Secure Security Status: Unsecure Oper host mode: single-host Oper control dir: both Authorized By: Authentication Server Vlan Group: N/A Session timeout: N/A Idle timeout: N/A Common Session ID: - Acct Session ID: - Handle: -
vs output copy i found random on the webz with some info purposefully let away
C-3750-5#sh authentication sessions interface g1/0/1 Interface: GigabitEthernet1/0/1 MAC Address: - IP Address: 192.168.1.10 User-Name: - Status: Authz Success Domain: VOICE Security Policy: Should Secure Security Status: Unsecure Oper host mode: multi-auth Oper control dir: both Authorized By: Authentication Server Vlan Policy: 100 ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-511 Session timeout: N/A Idle timeout: N/A Common Session ID: - Acct Session ID: - Handle: -
No comments:
Post a Comment