HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 254
How a RADIUS Server Applies a RADIUS-Assigned ACL to a Switch Port, Caution Regarding
Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists

| RADIUS-assigned ACLs | Static Port ACLs |
|---|---|
| Allows one RADIUS-assigned ACL per authenticated client. (Each such ACL filters traffic from a different, authenticated client.) Note: The switch provides ample resources for supporting RADIUS-assigned ACLs and other features. However, the actual number of ACLs supported depends on the switch's current feature configuration and the related resource requirements. For more information, refer to the appendix titled "Monitoring Resources" in the Management and Configuration Guide for your switch. | Supports static ACLs on a port. |
| Supports only extended ACLs. (Refer to Terminology.) | Supports standard and extended ACLs. |
| A given RADIUS-assigned ACL filters only the IP traffic entering the switch from the authenticated client corresponding to that ACL, and does not filter IP traffic inbound from other authenticated clients. (The traffic source is not a configurable setting.) | A static port ACL applied on a port filters all traffic entering the switch through that port. |
| A given RADIUS-assigned ACL operates on a port to filter only the IP traffic entering the switch from the authenticated client corresponding to the ACL, and does not filter IP traffic inbound from other authenticated clients. (The traffic source is not a configurable setting.) | No client authentication requirement. |
| ACEs allow a counter (cnt) option that causes a counter to increment when there is a packet match. | ACEs allow a log option that generates a log message whenever there is a packet match with a "deny" ACE. |

Caution Regarding the Use of Source Routing

Source routing is enabled by default on the switch and can be used to override ACLs. For this reason, if you are using ACLs to enhance network security, the recommended action is to use the no ip source-route command to disable source routing on the switch. (If source routing is disabled in the running config file, the show running command includes "no ip source-route" in the running-config file listing.)

How a RADIUS Server Applies a RADIUS-Assigned ACL to a Switch Port

A RADIUS-assigned ACL configured on a RADIUS server is identified and invoked by the unique credentials (username/password pair or a client MAC address) of the specific client the ACL is designed to service. Where the username/password pair is the selection criteria, the corresponding ACL can also be used for a group of clients that all require the same ACL policy and use
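
For the source-routing caution above, an added audit example (not from the HP guide) that checks saved "show running" listings for the "no ip source-route" statement and reports switches that still have the default. The function names, the sample listings, the treatment of lines starting with ";" as comments, and the last-statement-wins rule are assumptions of this example.

```python
import re

# The statement the guide says appears in "show running" once source routing
# is disabled; the optional "no" lets us recognise either form on its own line.
_STMT = re.compile(r"^\s*(no\s+)?ip\s+source-route\s*$", re.IGNORECASE)


def source_routing_disabled(running_config: str) -> bool:
    """True only if the listing's effective statement is 'no ip source-route'.

    Source routing is enabled by default, so a listing that contains no
    statement at all is reported as enabled.
    """
    disabled = False
    for line in running_config.splitlines():
        if line.lstrip().startswith(";"):  # assumption: ';' starts a comment line
            continue
        match = _STMT.match(line)
        if match:
            # Assumption: if both forms appear, the last one is in effect.
            disabled = match.group(1) is not None
    return disabled


def audit(configs: dict[str, str]) -> list[str]:
    """Return the names of switches whose listing leaves source routing on."""
    return sorted(name for name, text in configs.items()
                  if not source_routing_disabled(text))


# Constructed sample listings, not captured from real switches.
SAMPLE = {
    # Statement present: ACLs cannot be bypassed via source routing.
    "blade-sw-a": 'hostname "blade-sw-a"\nno ip source-route\nvlan 1\n   exit\n',
    # Statement only inside a comment: still the enabled default.
    "blade-sw-b": 'hostname "blade-sw-b"\n; no ip source-route\nvlan 1\n   exit\n',
    # Phrase only inside a quoted string: a plain substring search would pass this.
    "blade-sw-c": 'hostname "blade-sw-c"\n'
                  'snmp-server contact "ticket: no ip source-route pending"\n',
}

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: source routing enabled; apply 'no ip source-route'")
```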