The identity management feature can install ACLs (Access Control Lists) for identities based on the source MAC address or the source IP address. By default, the MAC address of the identity is used to install the ACLs. Every network entity has a MAC address, but not all network devices have an IP address, so we recommend that you use the default mac selection, which installs ACLs for network entities based on the source MAC address.
Note
You must disable identity management to change the current access-list source-address type configuration.
By default, the identity's MAC address is used for applying the dynamic ACLs and policies. The dynamic ACLs or policies that are associated with roles should not specify any source MAC address, because the identity management feature dynamically inserts the identity's MAC address as the source MAC address. Similarly, if the ACL source address type is configured as ip, the dynamic ACLs or policies that are associated with roles should not specify any source IP address.
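The rule above can be checked before a policy is attached to a role. The following is an added example, not part of the original page or the product's own tooling: it assumes role policies are written in ExtremeXOS-style policy-file syntax, where `ethernet-source-address` and `source-address` are the source MAC and source IP match keywords, and the function name and sample policy are constructed for illustration.

```python
import re

# Match keyword that collides with the address inserted for each source-address type (assumed policy syntax).
CONFLICTING_KEYWORD = {
    "mac": "ethernet-source-address",
    "ip": "source-address",
}

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*(?:match\s+(?:all|any)\s*)?\{(.*?)\}\s*then\s*\{.*?\}\s*\}",
    re.DOTALL | re.IGNORECASE,
)

def find_conflicts(policy_text, source_type="mac"):
    """Return (entry_name, condition) pairs that hard-code the source address
    the identity management feature will insert for this source_type."""
    keyword = CONFLICTING_KEYWORD[source_type]
    text = re.sub(r"#.*", "", policy_text)  # drop comments
    conflicts = []
    for name, conditions in ENTRY_RE.findall(text):
        for cond in conditions.split(";"):
            tokens = cond.split()
            # Compare the whole first token: "ethernet-source-address" contains "source-address".
            if tokens and tokens[0].lower() == keyword:
                conflicts.append((name, " ".join(tokens)))
    return conflicts

# Constructed sample role policy (not from the original page).
SAMPLE_POLICY = """
# role: engineering
entry allow_web {
    if match all {
        destination-address 10.20.0.0/16;
    } then { permit; }
}
entry pinned_host {
    if {
        ethernet-source-address 00:11:22:33:44:55;
        destination-address 10.30.0.5/32;
    } then { permit; }
}
entry pinned_subnet {
    if { source-address 192.0.2.0/24; } then { deny; }
}
"""

if __name__ == "__main__":
    for mode in ("mac", "ip"):
        print(mode, find_conflicts(SAMPLE_POLICY, mode))
```

An entry flagged for the configured type should have that match condition removed before the policy is associated with a role.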