I have a few switches that I've identified cannot support per-user ACL enforcements, and all support VLAN enforcement.
However, the use of per-user ACLs is nice, as I don't have to worry about switching VLANs and IP addresses; I can just dynamically assign ACLs as needed.
My problem is that if I create a policy such as the following, it works:
non compliant policy (matches non compliant SHV) (from switch x.x.x.10)
If I use the following for a list of switches, they all fail:
non compliant policy (matches non compliant SHV) (from switch x.x.x.10) (from switch x.x.x.11) (from switch x.x.x.12)
What I'm trying to do is create the following policies:
One would do a list of switches using ACL enforcement.
One would do a list of switches using VLAN enforcement.
It should work to create one policy for each switch. Is it required that you include all switches in a single policy? If so, then I believe you can use pattern matching syntax and a condition such as RADIUS Client\Client friendly name.
Thanks Greg. I used the field for the IPv4 address of the switch in a policy, and used the regex for this, so I can enter more than one on the line; this worked.
So I have two policies: 802.1X compliant ACLs and 802.1X compliant VLANs, and in the policy I check the IP of the switch sending the data.
Derek
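Added example, not part of any post in this thread: a sketch of why one policy with a separate client-address condition per switch matches nothing, while a single regex condition works, and why that regex should be anchored so it does not also accept other RADIUS clients. Assumptions: the 192.0.2.x addresses are constructed stand-ins for the elided x.x.x.10-12, and Python's `re.search` stands in for NPS pattern matching, which is assumed to match substrings unless anchored with `^` and `$`.

```python
import re

# Constructed sample addresses; the thread elides the real ones as x.x.x.10-12.
ACL_SWITCHES = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
# Constructed RADIUS client addresses used to audit a pattern.
CANDIDATES = ACL_SWITCHES + ["192.0.2.13", "192.0.2.100", "192.0.2.110", "192.0.2.125"]


def policy_matches(conditions, client_ip):
    """A policy applies only if every one of its conditions matches (logical AND)."""
    return all(re.search(pattern, client_ip) for pattern in conditions)


def build_pattern(addresses):
    """Anchored alternation with escaped dots: only the listed addresses match."""
    return "^(" + "|".join(re.escape(a) for a in addresses) + ")$"


def audit(pattern, candidates=CANDIDATES):
    """Return every candidate client address that the pattern would accept."""
    return [ip for ip in candidates if re.search(pattern, ip)]


# One condition per switch inside a single policy: a request has one source
# address, so it can never satisfy all three conditions at once.
PER_SWITCH = [build_pattern([a]) for a in ACL_SWITCHES]

# Unanchored alternation: also accepts addresses that merely contain a listed one.
LOOSE = "|".join(ACL_SWITCHES)

# Hardened form for a single client-address condition.
STRICT = build_pattern(ACL_SWITCHES)

if __name__ == "__main__":
    print("three ANDed conditions:", policy_matches(PER_SWITCH, "192.0.2.10"))
    print("one regex condition:   ", policy_matches([STRICT], "192.0.2.10"))
    print("loose pattern accepts: ", audit(LOOSE))
    print("strict pattern accepts:", audit(STRICT))
```

Running `audit` over the full RADIUS client list before deploying a pattern shows whether a switch that only supports VLAN enforcement would land in the ACL policy by accident.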