Home » Dell Manuals » Hubs & Switches » Dell X1000 » Manual Viewer

Dell X1000 Networking X-Series Switches User Guide - Page 247

Single-session/Multiple Hosts, Multi-Session Dot1x

Add to My Manuals
Save this manual to your list of manuals

Page 247 highlights

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Dell Astute\User Guide\Dell_Astute_Network_Admin_Security.fm made by other devices received from the same port, are denied until the authorized supplicant is no longer using the port, or the access request is to an unauthenticated or guest VLAN. - Single-session/Multiple Hosts-This follows the Dot1x standard. In this mode, the switch, as an authenticator, enables devices to use a port, as long as one of the devices has been granted permission as a supplicant at the port. • Multi-Session Dot1x-Every device (supplicant) connecting to a port must be authenticated and authorized by the switch (authenticator), separately in a different Dot1x session. This is the only mode that supports Dynamic VLAN Assignment (DVA). Dynamic VLAN Assignment (DVA) Dynamic VLAN Assignment (DVA) is also referred to as RADIUS VLAN Assignment in this guide. When a port is in Multiple Session mode and is DVA-enabled, the switch automatically adds the port as an untagged member of the VLAN that is assigned by the RADIUS server during the authentication process. The switch classifies all the untagged packets from an authenticated device to the VLAN assigned to the device. For a device to be authenticated and authorized at a DVA-enabled port: • The RADIUS server must authenticate the device and dynamically assign a VLAN to the device. • The assigned VLAN must not be the default VLAN and must have been created on the switch. • The switch must not be configured to use both a DVA and a MAC-based VLAN group. • A RADIUS server must support DVA with RADIUS attributes tunnel-type (64) = VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-privategroup-id = a VLAN ID. Dynamic Policy/ACL Assignment The Dynamic Policy/ACL Assignment feature enables specifying a userdefined ACL or policy in the RADIUS server. After a successful authentication, the assigned policy/ACL is applied to the packets from the authenticated device. DELL CONFIDENTIAL - PRELIMINARY 8/9/16 - FOR PROOF ONLY Network Administration: Security 247

Section	Page
Dell™ Networking™ X1000 and X4000 Series Switches User Guide	1
Notes, Cautions, and Warnings	2
Table of Contents	3
1	13
Preface	13
2	15
Features	15
IP Version 6 (IPv6) Support	16
Head of Line Blocking Prevention	16
Back Pressure Support	16
Virtual Cable Testing (VCT)	16
Auto-Negotiation	16
MDI/MDIX Support	17
MAC Address Capacity Support	17
MAC Address Capacity Support	17
Static MAC Entries	17
Self-Learning MAC Addresses	17
Automatic Aging for MAC Addresses	18
VLAN-Aware MAC-Based Switching	18
MAC Multicast Support	18
Layer 2 Features	18
IGMP Snooping	18
MLD Snooping	19
Port and VLAN Mirroring	19
Broadcast Storm Control	19
VLAN Supported Features	19
VLAN Support	19
Port-Based Virtual LANs (VLANs)	19
Full 802.1Q VLAN Tagging Compliance	20
GVRP Support	20
Voice VLAN	20
Guest VLAN	20
Private VLAN	21
Multicast TV VLAN	21
Spanning Tree Protocol Features	21
Spanning Tree Protocol (STP)	21
Fast Link	21
IEEE 802.1w Rapid Spanning Tree	22
IEEE 802.1s Multiple Spanning Tree	22
STP BPDU Guard	22
Link Aggregation	22
Link Aggregation and LACP	23
DHCP Clients	23
Quality of Service Features	23
Class of Service 802.1p Support	23
TCP Congestion Avoidance	23
Device Management Features	24
SNMP Alarms and Trap Logs	24
SNMP Versions 1, 2, and 3	24
Web-Based Management	24
Management IP Address Conflict Notification	24
Configuration File	24
Auto-Update of Configuration/Image File	25
TFTP (Trivial File Transfer Protocol)	25
USB File Transfer Protocol	25
Remote Monitoring	25
sFlow	25
Command Line Interface	26
SYSLOG	26
SNTP	26
Domain Name System	26
802.1ab (LLDP-MED)	27
Security Features	27
Dot1x and MAC based Authentication	27
Locked Port Support	28
RADIUS Client	28
RADIUS Accounting	28
TACACS+	28
Password Management	28
Access Control Lists (ACL)	29
Dynamic ACL/Dynamic Policy Assignment (DACL/DPA)	29
DHCP Snooping	29
DHCP Relay	29
ARP Inspection	30
Port Profile	30
DHCP Server	30
Protected Ports	30
Proprietary Protocol Filtering	30
UDLD	31
Static Routing	31
IPv6 Router	31
3	33
Hardware Description	33
Device Models	34
Device Structure	35
Managed Mode Button	36
Reset Button	36
Fans	37
LED Definitions	37
System LEDs	37
Table 3-1.	37
Port LEDs	38
Gigabit Copper Ports	38
Table 3-2.	38
SFP Ports	39
Table 3-3.	39
SFP+ Ports	39
Table 3-4.	39
Power Supplies	39
Table 3-5.	40
Table 3-6.	40
Table 3-7.	40
Table 3-8.	41
Table 3-9.	41
Table 3-10.	41
Table 3-11.	41
Table 3-12.	41
4	43
Using the GUI	43
Starting the Application	44
1 Open a web browser.	44
2 Enter the device’s IP address in the address bar and press <Enter>. The default IP address for the device is 192.168.2.1.	44
3 When the Log In window displays, enter a user name and password. The default user name and password is admin/admin.	44
4 Click OK.	44
Understanding the Interface	44
Dashboard	45
Saving Configurations	45
Information Buttons	46
Table 4-1. Masthead Buttons	46
Device Management Icons	47
Table 4-2. Common Icons	47
Field Definitions	47
Common GUI Features	48
Table 4-3. Common GUI Elements	48
5	49
Dashboard	49
Overview	50
Interfaces	51
Port Tab	51
VLAN Tab	52
LAG Tab	52
Port Profile Tab	52
Switch Information	53
Resources	55
Recent Logged Events	57
Active Alerts	58
Ports and VLANs	59
Configuration Wizards	60
1 Click on the Ports button from the dashboard and select one or more ports to configure.	60
2 Click Next.	60
3 Enter a description of the port(s) in Port Description (optional).	60
4 Click Next and enter the following:	60
5 Click Next.	61
6 Depending on the type of port being configured, enter the following fields:	61
7 Click Next to view a summary of the port configuration.	63
8 Click Apply to save the changes.	63
LAG	63
1 Select Assign Ports to a LAG.	63
2 Click Next.	63
3 Select one or more ports to assign to a LAG.	63
4 Enter the following fields:	63
5 In the Assign Select Ports to VLAN and Port Tag Membership section, select whether ports will be Tagged or Untagged in the VLAN. This is possible for individual VLANs or All Future VLANs.	64
6 Enter the following fields:	64
7 After reviewing the summary, click Apply to save the LAG configuration. After apply is selected the wizard will bring up LAG Configuration option.	64
1 Click View Current LAG Configuration. This describes the current LAG configurations:	64
2 Select Configure LAG.	65
3 Click Next.	65
4 Click on the Edit icon of a LAG and enter the following fields:	65
5 Click Next to view a summary of the port configuration.	66
6 Click Apply to save the changes.	66
Configure VLAN	66
1 Select Configure VLAN.	66
2 Click Next and Add.	66
3 Enter the following fields:	66
4 Click OK.	66
5 Click Next to view the VLAN.	66
6 Click Apply to save the changes.	66
1 Select Configure and Assign Ports to VLAN.	66
2 Click Next.	66
3 Click on ports to be included in VLAN.	66
4 Enter the following fields:	66
5 Click OK.	66
6 Click Next to view a summary of the port configuration.	67
7 Click Apply to save the changes.	67
Port Profile	67
1 Click Port Profile.	67
2 Click Next.	67
3 Select one or more ports to assign to a port profile.	67
4 Select Assign Port to Profile in Port Edit Mode field.	67
5 Select one of the following profiles to assign to ports:	67
6 Each profile requires entering various elements of VLAN information. Enter the fields according to the profile:	67
7 Click Next to view the configuration.	68
8 Click Apply to save the changes.	68
Initial Setup	68
1 Click Initial Setup.	68
2 Click Next.	68
3 Enter the IP Address Source. Select one of the following options:	68
4 If the IP Address Source is Static IP, enter the fields:	69
5 Click Next.	69
6 Enter the following fields:	69
7 Click Next.	69
8 Enter the following fields:	69
9 Click Next.	69
10 Enter the following fields:	69
11 Click Next to view a summary of the port configuration.	69
12 Click Apply to save the changes.	69
6	71
Switch Management	71
IP Addressing Overview	71
Difference Between IPv4 and IPv6 Addressing	71
IPv6 Prefixes	72
Switch Information	72
1 Click Switch Management > Switch Information.	72
2 Click Edit and enter the fields:	72
IPv4 Addressing	73
IPv4 Default Gateway	74
IPv4 Addressing	74
1 Click Switch Management > IPv4 Addressing.	74
2 To assign the IP address of the interface, on which IPv4 routing is enabled, click Edit, Add and enter the fields:	75
IPv6 Addressing	75
IPv6 Global Parameters	76
1 Click Switch Management > IPv6 Addressing > Global Parameters.	76
2 Click Edit and enter values for the following fields:	76
IPv6 Interface	76
1 Click Switch Management > IPv6 Addressing > IPv6 Interface.	76
2 Click Edit, Add and enter the fields:	77
IPv6 Address	78
1 Click Switch Management > IPv6 Addressing > IPv6 Address.	78
2 Click Edit.	78
3 To enable IPv6 support on this interface, click Edit, Add and enter the following fields:	78
IPv6 Default Gateway	79
1 Click Switch Management > IPv6 Addressing > IPv6 Default Gateway.	79
2 To add an IPv6 default gateway, click Edit, Add, and enter the fields:	80
IPv6 Neighbors	80
1 Click Switch Management > IPv6 Addressing > IPv6 Neighbors.	81
2 To add a new IPv6 neighbor, click Edit, Add, and enter the fields:	81
3 To modify or remove an IPv6 neighbor, click Edit, and enter the fields described above page.	81
File Update and Backup	83
Overview	83
System Files	83
Updating System Files	84
Update Firmware / Configuration	84
1 Click Switch Management > File Update and Backup > Update Firmware / Configuration.	84
2 Click Edit.	84
3 Enter the following IP Format fields:	85
5 Click OK to start the upload process.	86
Backup Files	86
1 Click Switch Management > File Update and Backup > Backup Files.	86
2 Click Edit.	86
5 Click Apply to start the backup process.	87
Active Firmware Image	87
1 Click Switch Management > File Update and Backup > Active Firmware Image.	87
2 Click Edit.	87
3 Click OK to select the image file to be used.	88
Auto-Update	88
Setup Files	88
Setup File Contents	88
Setup File Format	89
Triggering the Auto Update of Configuration/Image File Process	91
Automatic DHCP IP Address Assignment	92
Preparations for Using Auto Configuration from a TFTP Server	94
Auto Configuration (One File Read Method)	94
Auto Configuration (Multi File Read Method)	95
Preparations for Firmware Image Download from TFTP	96
Auto Update of Configuration/Image File	97
1 Click Switch Management > File Update and Backup > Auto Update of Configuration/Image File.	97
2 Modify the auto-update configuration parameters as required:	97
Restore Factory Defaults	98
1 Click Switch Management > File Update and Backup > Restore Factory Defaults.	98
2 Click Edit.	98
3 Select Restore Switch Configuration to replace the current configuration settings by the factory configuration default settings.	98
Domain Name System (DNS)	98
DNS Settings	98
1 Click Switch Management > DNS Settings (DNS) > DNS Settings.	98
2 Click Edit, Settings Icon () to set the global DNS properties.	98
3 Enter the following fields:	98
4 Click OK.	98
5 To activate one of the currently-defined DNS servers, enable Active Server.	98
Host Name Mapping	99
1 Click Switch Management > Domain Name (DNS) > Host Name Mapping.	99
2 Click Add to add a new host name. Up to four IP addresses can be added.	99
Time Synchronization	100
Clock Source	101
1 Click Switch Management > Time Synchronization > Clock Source.	101
2 Select the Clock Source. The possible options are:	101
Local Time Settings	101
1 Click Switch Management > Time Synchronization > Local Time Settings.	101
2 Enter the following local settings:	101
System Time from an SNTP Server	103
Overview	103
SNTP Global Settings	106
1 Click Switch Management > Time Synchronization > SNTP Global Settings.	107
2 Enter the fields:	107
SNTP Authentication	107
1 Click Switch Management > Time Synchronization > SNTP Authentication.	107
2 Click Edit, Settings Icon () to enable/disable SNTP Authentication. This enables/disables authenticating SNTP sessions between the device and an SNTP server.	107
3 Click OK.	107
SNTP Servers	108
1 Click Switch Management > Time Synchronization > SNTP Servers.	108
SNTP Interface Settings	109
1 Click Switch Management > Time Synchronization > SNTP Interface Settings.	109
2 To add an interface that can receive SNTP server updates, click Edit, Add.	110
3 Enter the following fields:	110
Management Security	110
Global Password Management	110
1 Click Switch Management > Management Security > Global Password Management.	111
Line Password for CLI	112
1 Click Switch Management > Management Security > Line Password for CLI.	112
Enable Password for CLI	112
1 Click Switch Management > Management Security > Enable Password for CLI.	113
1 Click Edit to enter the fields:	113
Active Users	113
Local User Database	114
1 Click Switch Management > Management Security > Local User Database.	114
Access Profiles and Rules Configuration	114
Access Profiles and Rules	115
1 Click Switch Management > Management Security > Access Profiles and Rules.	116
2 Click Add and enter the fields:	116
1 Click Switch Management > Management Security > Access Profiles and Rules.	117
2 To activate an access profile, select it in the Active Access Profile field.	117
3 Click Edit, Settings Icon ().	117
4 Select one of the following options for Access Profile Name:	117
5 Click OK.	118
Authentication Profiles	118
1 Click Switch Management > Management Security > Authentication Profiles.	118
2 Click Edit, Add to add a new authentication profile, and enter the fields:	119
Select Authentication	119
1 Click Switch Management > Management Security > Select Authentication.	119
2 For the Console, Telnet and Secure Telnet (SSH) types of users, select either the default authentication profile or one of the previously-defined authentication profiles.	119
3 For Secure HTTP and HTTP types of users, select one or all of the Optional Methods and click the right-arrow to move them to the Selected Methods. The options are:	120
TACACS+	120
1 Click Switch Management > Management Security > TACACS+.	120
2 To set the global parameters, click Edit, Settings Icon () and enter the following fields:	120
3 Click OK.	121
4 To add a TACACS+ server, click Edit, Add and enter the following fields:	121
RADIUS	121
1 Click Switch Management > Management Security > RADIUS.	122
2 To set the global parameters, click Edit, Settings Icon () and enter the following fields:	122
3 Click OK.	122
4 To add a RADIUS server, click Edit, Add, and enter the fields:	122
7	125
Logs and Alerts	125
Overview	125
Logs	126
1 Click Logs and Alerts > Logs.	126
2 Click Edit, Settings Icon ().	126
3 Enable/disable logging in the following fields:	126
4 To select the destination of logging messages, according to their severity levels, check the minimum severity level that will be associated with the console log, RAM log and Log file (Flash memory). When a severity level is selected, all severity l...	127
Login History	127
1 Click Logs and Alerts > Login History.	127
2 Click Edit, Settings Icon ().	127
3 Enable/disable Login History to File to record login history.	127
Remote Log Servers	127
1 Click Logs and Alerts > Remote Log Servers.	127
2 Click Edit, Add, and enter the fields:	127
8	129
Statistics and Diagnostics	129
Monitoring	129
Statistics	129
1 Click Statistics and Diagnosis > Monitoring (RMON).	129
2 Click Statistics.	129
3 Select a port or LAG.	129
4 Select one of the Refresh Rate options to specify how frequently the statistics should be refreshed.	131
5 Select Reset All Counters to clear the counters.	131
CPU Utilization	131
1 Click Statistics and Diagnosis > Monitoring (RMON).	131
2 Click CPU Utilization.	131
3 Select one of the Refresh Rate options to specify how frequently the statistics should be refreshed.	131
4 Click Reset Counters to clear the counters.	131
History Control	131
1 Click Statistics and Diagnosis > Monitoring (RMON).	131
2 Click History Control.	131
3 To add a new entry, click Add. The New History Entry number, which uniquely identifies the sample, is displayed.	132
4 Enter the fields for the entry:	132
History Table	132
1 Click Statistics and Diagnosis > Monitoring (RMON).	132
2 Click History Table.	132
3 Select a History Entry number in the View By filter.	132
Threshold and Events	133
1 Click Statistics and Diagnosis > Monitoring (RMON).	133
2 Click Threshold and Events.	133
3 Click Add.	133
4 Enter the fields:	133
Configure an Event	134
1 Click Statistics and Diagnosis > Monitoring.	134
2 Click Threshold and Events.	134
3 Click Configure Events Controls, Add.	135
4 Enter the following fields:	135
Statistics	135
Interface Counters	135
1 Click Statistics and Diagnosis > Statistics.	135
2 Click Interface Counters.	135
Denied ACEs Counters	136
1 Click Statistics and Diagnosis > Statistics.	136
2 Click Denied ACEs Counters.	136
3 Select either Ports or LAGs in View By.	136
4 To clear the counters, click Reset Counter.	136
EAP Statistics	137
1 Click Statistics and Diagnosis > Statistics.	137
2 Click EAP Statistics.	137
Etherlike Statistics	138
1 Click Statistics and Diagnosis > Statistics.	138
2 Click Etherlike Statistics.	138
3 Select Ports or LAG in View By.	138
4 Select one of the Refresh Rate options to clears the statistics for the selected interface.	138
GVRP Statistics	138
1 Click Statistics and Diagnosis > Statistics.	138
2 Click GVRP Statistics.	138
3 Select Ports or LAG in View By.	138
A	139
4 Select one of the Refresh Rate options to specify how frequently the statistics should be refreshed.	139
Utilization Summary	139
1 Click Statistics and Diagnosis > Statistics.	140
2 Click CPU Utilization.	140
3 Select Ports or LAG in View By.	140
4 Select the Refresh Rate to specify how frequently the statistics should be refreshed.	140
Diagnostics	140
Integrated Cable Test	140
1 Click Statistics and Diagnosis > Diagnostics.	141
2 Click Integrated Cable Test.	141
3 Ensure that both ends of the copper cable are connected, one end to tested port and one end to device.	141
4 Click Test for the port to be tested. The copper cable and Approximate Cable Length tests are performed, and the following test results are displayed:	141
Optical Transceiver Diagnostics	141
1 Click Statistics and Diagnosis > Diagnostics.	142
2 Click Optical Transceiver Diagnostics.	142
Identify	142
1 Click Statistics and Diagnosis > Diagnostics.	142
2 Click Identify.	142
3 Select Identify Switch to light the Identity LED.	142
4 Enter the Identify Switch LED Timeout. This determines how long the Identify switch will stay lit.	142
9	143
Network Administration: VLAN	143
VLAN Overview	143
Frame Flow	144
Figure 9-1. Frame Flow Through a VLAN	144
1 If the frame contains a VLAN tag, that tag is used, otherwise the frame is classified by the port's default VLAN (PVID), if it is defined.	144
2 After classification, the frame may pass (if enabled) through ingress filtering, where the frame is dropped if the frame's VLAN ID is not one of the VLANs to which the ingress port belongs.	144
3 A forwarding decision is made, as a function of the VLAN ID and the destination MAC address.	144
4 The egress rules define whether the frame is to be sent as tagged or untagged.	144
Special-case VLANs	144
QinQ Tagging	145
Port Modes	145
Acceptable Frame Type	147
Standard VLAN	147
VLAN Membership	147
1 Click Network Administration > VLAN >Standard VLAN > VLAN Membership.	147
2 Click Edit and enter the fields:	148
VLAN Port Settings	148
1 Click Network Administration > VLAN >Standard VLAN > VLAN Port Settings.	148
2 Click Edit.	148
3 Select a port, click its Edit icon and enter the fields:	148
A	150
Protocol Group	150
Defining Protocol Groups	152
1 Define a protocol group by assigning one or more protocols to the group and giving it a protocol-group ID (any integer), using the Protocol Group page.	152
2 Associate the group with a desired VLAN classification, per port, using the Protocol Port page.	152
1 Click Network Administration > VLAN > Standard VLAN >Protocol Group.	152
2 Click Edit, Add and enter the fields:	152
Protocol Port	152
1 Click Network Administration > VLAN > Standard VLAN > Protocol Port.	152
2 Click Edit, Add, and enter the fields:	152
GVRP Parameters	153
1 Click Network Administration > VLAN > Standard VLAN > GVRP Parameters.	153
2 Click Edit.	153
3 Click the Settings Icon () and enable the GVRP Global Status.	153
4 Click OK.	153
5 Select either Ports or LAGs to view that type of interface in the page.	153
6 Select a port, click its Edit icon and enter the fields:	153
GARP Timers	154
1 Click Network Administration > VLAN > Standard VLAN > GARP Timers.	154
2 Select either Ports or LAGs to view that type of interface in the page.	154
3 Click Edit.	154
4 Select a port, click its Edit icon and enter the fields:	154
Private VLAN	155
1 Click Network Administration > VLAN > Standard VLAN > Private VLAN.	155
2 To query by Associated Primary VLAN ID, enter a VLAN ID, and click Query. The associated VLANs are displayed.	155
3 To define a private VLAN, click Edit, Assign and enter the fields:	155
4 To assign ports to the private VLAN, click Edit, Membership.	156
5 Select a Primary VLAN ID.	156
6 Select the ports to be assigned to each VLAN, and assign each port/LAG a port type. The possible options are:	156
Voice VLAN	156
Overview	156
Properties	157
1 Click Network Administration > VLAN > Voice VLAN > Properties.	157
2 Click Edit and enter the fields:	157
Port Settings	158
1 Click Network Administration > VLAN > Voice VLAN > Port Setting.	158
2 Select an interface, click its Edit icon and enter the fields:	158
OUI	159
1 Click Network Administration > VLAN > Voice VLAN > OUI.	159
2 Click Edit, Add, and enter the fields:	159
10	161
Network Administration: Port Settings	161
Ports	161
Overview	161
Auto-Negotiation	162
MDI/MDIX	162
Flow Control	163
Back Pressure	163
Port Default Settings	163
Table 10-1. Port Default Settings	163
Jumbo Frames	164
1 Click Network Administration > Ports Settings > Jumbo Frames.	164
2 To enable/disable jumbo frames, click Edit.	164
Protected Ports	164
Protected Port Restrictions	165
Configuration of Protected Ports	165
1 Click Network Administration > Ports Settings > Protected Ports.	165
2 Click Edit.	165
3 Select the interface and click its Edit icon.	165

Match case Limit results 1 per page

Network Administration: Security

247

FILE LOCATION:

C:\Users\gina\Desktop\Checkout_new\Dell Astute\User

Guide\Dell_Astute_Network_Admin_Security.fm

DELL CONFIDENTIAL – PRELIMINARY 8/9/16 - FOR PROOF ONLY

made by other devices received from the same port, are denied until

the authorized supplicant is no longer using the port, or the access

request is to an unauthenticated or guest VLAN.

–

Single-session/Multiple Hosts

—This follows the Dot1x standard. In

this mode, the switch, as an authenticator, enables devices to use a

port, as long as one of the devices has been granted permission as a

supplicant at the port.

•

Multi-Session Dot1x

—Every device (supplicant) connecting to a port

must be authenticated and authorized by the switch (authenticator),

separately in a different Dot1x session. This is the only mode that supports

Dynamic VLAN Assignment (DVA).

Dynamic VLAN Assignment (DVA)

Dynamic VLAN Assignment (DVA) is also referred to as RADIUS VLAN

Assignment in this guide. When a port is in Multiple Session mode and is

DVA-enabled, the switch automatically adds the port as an untagged member

of the VLAN that is assigned by the RADIUS server during the authentication

process. The switch classifies all the untagged packets from an authenticated

device to the VLAN assigned to the device.

For a device to be authenticated and authorized at a DVA-enabled port:

•

The RADIUS server must authenticate the device and dynamically assign

a VLAN to the device.

•

The assigned VLAN must not be the default VLAN and must have been

created on the switch.

•

The switch must not be configured to use both a DVA and a MAC-based

VLAN group.

•

A RADIUS server must support DVA with RADIUS attributes tunnel-type

(64) = VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-private-

group-id = a VLAN ID.

Dynamic Policy/ACL Assignment

The Dynamic Policy/ACL Assignment feature enables specifying a user-

defined ACL or policy in the RADIUS server. After a successful

authentication, the assigned policy/ACL is applied to the packets from the

authenticated device.