[c-nsp] per-user ACLs, 802.1x and multicast

Paul Culmsee Paul.Culmsee at pivod.com
Tue Mar 22 05:26:01 EST 2005


Hi

(let's assume 3550 for now, but really, this question applies to any switch)

I was asked today whether there was a manageable method to control access to multicast traffic at the network level.  Reading the 802.1x config guide on the 3350 model..

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801a6b34.html#1072494

it seems that per-user ACLs may be the way..

But in my case, I need to explicitly deny certain multicast addresses from being accessible on the entire network unless the correct user has been authorised. So I am wondering..

If I put a static ACL on layer 2 ports denying a particular multicast address range, and then a per-user ACL permits it via RADIUS, will the per-user ACL override the static ACL or simply append to it?

This was simply a theoretical question I was asked, so I don't want to spend countless hours tooling with it. But does anybody have any suggestions on whether the above would work or whether there are more elegant solutions?

thanks

Paul
