167
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Identity Features on Layer 3 Interface
Downloadable Access Control List
Downloadable Access Control List
A Downloadable ACL is also referred to as dACL. For a dACL to work on a port, the ip device tracking
feature should be enabled and the end point connected to the port should have an IP address assigned.
After authentication on the port, use the show ip access-list privileged EXEC command to display the
downloaded ACL on the port.
Filter-ID or Named Access Control List
Filter-Id also works as a dACL, but the ACL commands are configured on the authenticator.
Authentication, authorization, and accounting (AAA) provides the name of the ACL to the authenticator.
IP Device Tracking
The IP Device Tracking feature is required for the dACL and Filter-ID features to function. To program
a dACL or Filter-ID in a device, IP address is required. IP device tracking provides the IP address of the
corresponding device to the Enterprise Policy Manager (EPM) module to convert the dACLs to each user
by adding the IP address to them.
To Next Page
Loading...
Need help?
General
