HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 249
Configuring and Using RADIUS-Assigned Access Control Lists, Introduction, Terminology
Page 249 highlights
Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists

Introduction

A RADIUS-assigned ACL is configured on a RADIUS server and dynamically assigned by the server to filter traffic entering the switch through a specific port after the client is authenticated by the server. Note that client authentication can be enhanced by using ProCurve Manager with the optional IDM application. (Refer to "Optional PCM and IDM Applications" on page 6-3.)

The information in this section describes how to apply RADIUS-assigned ACLs on the switch, and assumes a general understanding of ACL structure and operation. If you need information on ACL filtering criteria, design, and operation, please refer to chapter 9, "IPv4 Access Control Lists (ACLs)".

Terminology

ACE: See Access Control Entry, below.

Access Control Entry (ACE): An ACE is a policy consisting of a packet-handling action and criteria to define the packets on which to apply the action. For RADIUS-assigned ACLs, the elements composing the ACE include:
• permit or drop (action)
• in <ip-packet-type> from any (source)
• to <ip-address[/mask] | any> (destination)
• [port-#] (optional TCP or UDP application port numbers used when the packet type is TCP or UDP)

ACL: See Access Control List, below.

Access Control List (ACL): A list (or set) consisting of one or more explicitly configured Access Control Entries (ACEs) and terminating with an implicit "deny" default which drops any IP packets that do not have a match with any explicit ACE in the named ACL. An ACL can be "standard" or "extended". See "Standard ACL" and "Extended ACL". Both can be applied in any of the following ways:
• Static Port ACL: an ACL assigned to filter inbound traffic on a specific switch port
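The ACE elements and the implicit "deny" described under Terminology, shown as an added example (not code from the HP manual): a parser for ACE strings built from those elements, and an evaluator that applies the entries top-down and drops anything unmatched. The accepted packet types (ip, tcp, udp), the CIDR form of the mask, first-match ordering, and the sample entries are assumptions of this example.

```python
import ipaddress
import re

# Grammar follows the ACE elements listed under Terminology. Assumptions of this
# example: packet types limited to ip/tcp/udp, and the mask given as a CIDR prefix.
ACE_RE = re.compile(
    r"^(permit|drop) in (ip|tcp|udp) from any to (any|\S+?)(?: (\d{1,5}))?$"
)

def parse_ace(text):
    """Parse one ACE string into (action, packet_type, dest_network, port)."""
    m = ACE_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"not a valid ACE: {text!r}")
    action, proto, dest, port = m.groups()
    # A port number is only meaningful when the packet type is TCP or UDP.
    if port is not None and proto not in ("tcp", "udp"):
        raise ValueError("port-# requires packet type tcp or udp")
    net = None if dest == "any" else ipaddress.IPv4Network(dest, strict=False)
    return action, proto, net, int(port) if port else None

def evaluate(acl, proto, dest_ip, dest_port=None):
    """Return 'permit' or 'drop' for an inbound packet (first match wins)."""
    dest = ipaddress.IPv4Address(dest_ip)
    for action, ace_proto, net, port in acl:
        if ace_proto != "ip" and ace_proto != proto:
            continue  # packet type does not match this ACE
        if net is not None and dest not in net:
            continue  # destination outside the ACE's address/mask
        if port is not None and port != dest_port:
            continue  # ACE names a different application port
        return action
    return "drop"  # implicit "deny": no explicit ACE matched

# Constructed sample ACL (illustrative addresses, not from the manual).
SAMPLE_ACL = [parse_ace(a) for a in (
    "drop in tcp from any to 10.10.10.0/24 23",
    "permit in tcp from any to 10.10.10.0/24",
    "permit in udp from any to any 53",
)]

if __name__ == "__main__":
    for pkt in (("tcp", "10.10.10.5", 23), ("tcp", "10.10.10.5", 443),
                ("udp", "192.0.2.1", 123)):
        print(pkt, "->", evaluate(SAMPLE_ACL, *pkt))
```

The third sample packet matches no explicit entry and is dropped by the implicit default, which is the case to check when a client loses connectivity after authentication.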