HP E3800-24G-PoE+-2SFP+

732 pages
Configuring RADIUS Server Support for Switch Services
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists
2. Enter the switch IPv4 address, NAS (Network Attached Server) type, and
the key used in the FreeRADIUS clients.conf file. For example, if the switch
IP address is 10.10.10.125 and the key (“secret”) is “1234”, you would enter
the following in the server’s clients.conf file:
Figure 7-7. Example of Switch Identity Information for a FreeRADIUS Application
3. For a given client username/password pair, create an ACL by entering one
or more IPv6 and IPv4 ACEs in the FreeRADIUS “users” file. Remember
that the ACL you create to filter both IPv4 and IPv6 traffic automatically
includes an implicit “deny in ip from any to any” ACE at the end of the ACL
(to drop any IPv4 and IPv6 traffic that is not explicitly permitted or denied
by the ACL). For example, suppose that you wanted to create ACL support
for a client having a username of “Admin01” and a password of “myAuth9”.
The ACL in this example must achieve the following:
• Permit http (TCP port 80) traffic from the client to the device at
  FE80::a40.
• Deny http (TCP port 80) traffic from the client to all other IPv6
  addresses.
• Permit http (TCP port 80) traffic from the client to the device at
  10.10.10.117.
• Deny http (TCP port 80) traffic from the client to all other IPv4
  addresses.
• Deny Telnet (TCP port 23) traffic from the client to any IPv4 or IPv6
  addresses.
• Permit all other IPv4 and IPv6 traffic from the client to all other
  devices.
To configure the above ACL, you would enter the username/password and
ACE information shown in Figure 7-8 into the FreeRADIUS “users” file.
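The six requirements in step 3 only hold if the ACEs are listed in the right order, so the following added example (not taken from the manual or from figure 7-8) checks a candidate ACE list against sample flows before it goes into the “users” file. It assumes ACEs are evaluated top-down with the first match deciding; the ACE strings, the simplified ACE grammar and the probe addresses are constructed for illustration.

```python
import ipaddress

# ACEs constructed from the six requirements in step 3; they are not copied
# from figure 7-8, and the "::/0" and "0.0.0.0/0" forms are assumptions.
ACES = [
    "permit in tcp from any to FE80::a40 80",
    "deny in tcp from any to ::/0 80",
    "permit in tcp from any to 10.10.10.117 80",
    "deny in tcp from any to 0.0.0.0/0 80",
    "deny in tcp from any to any 23",
    "permit in ip from any to any",
]
IMPLICIT_DENY = "deny in ip from any to any"  # appended automatically, per step 3


def parse_ace(text):
    """Parse '<action> in <ip|tcp> from any to <dest> [port]' (simplified syntax)."""
    f = text.split()
    if (len(f) not in (7, 8) or f[0] not in ("permit", "deny") or f[1] != "in"
            or f[2] not in ("ip", "tcp") or f[3:6] != ["from", "any", "to"]):
        raise ValueError("unsupported ACE: " + text)
    dest = None if f[6] == "any" else ipaddress.ip_network(f[6], strict=False)
    return f[0], f[2], dest, int(f[7]) if len(f) == 8 else None


def evaluate(aces, proto, dst, port=None):
    """Return (action, ACE text) for the first ACE that matches, else the implicit deny."""
    addr = ipaddress.ip_address(dst)
    for text in aces:
        action, ace_proto, dest, ace_port = parse_ace(text)
        if ace_proto != "ip" and ace_proto != proto:
            continue  # protocol-specific ACE for a different protocol
        if dest is not None and (dest.version != addr.version or addr not in dest):
            continue  # destination outside this ACE (or wrong address family)
        if ace_port is not None and ace_port != port:
            continue  # ACE names a different destination port
        return action, text
    return "deny", IMPLICIT_DENY


if __name__ == "__main__":
    probes = [("tcp", "fe80::a40", 80), ("tcp", "2001:db8::1", 80),
              ("tcp", "10.10.10.117", 80), ("tcp", "10.10.10.200", 80),
              ("tcp", "10.10.10.117", 23), ("udp", "10.10.10.50", 53)]
    for proto, dst, port in probes:  # constructed test flows
        print(proto, dst, port, "->", evaluate(ACES, proto, dst, port))
```

Dropping the final permit ACE, or placing a broad deny ahead of the specific permit it is meant to follow, changes the result for the same flows, which is the failure this check is meant to catch.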
Switch identity entry for the clients.conf file (Figure 7-7):

client 10.10.10.125 {
    nastype = other
    secret = 1234
}

Note: The key configured in the switch and the secret configured in the
RADIUS server supporting the switch must be identical. Refer to the chapter
titled “RADIUS Authentication and Accounting” in the latest Access Security
Guide for your switch.
