HP E3800-24G-PoE+-2SFP+

732 pages
Configuring RADIUS Server Support for Switch Services
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists
Figure 7-12. Example Showing a RADIUS-Assigned ACL Application to a Currently Active Client Session
HP Switch(config)# show access-list radius b1
Radius-configured Port-based ACL for
Port 1, Client -- 0017A4E6D787
IPv6 ACLs enabled (HP-Nas-Rules-Ipv6): FALSE
deny in tcp from any to 10.30.248.184 23 cnt
Packet Hit Counter : 1
deny in tcp from any to 10.30.248.184 80 cnt
Packet Hit Counter : 10
permit in tcp from any to 10.30.248.184 7
permit in udp from any to 10.30.248.184 7
deny in tcp from any to 10.30.248.184 161 cnt
Packet Hit Counter : 25
deny in udp from any to 10.30.248.184 161 cnt
Packet Hit Counter : 7
permit in ip from any to any
Callouts for the listing above:

Indicates MAC address identity of the authenticated client on the specified port. This data identifies the client to which the ACL applies.

Lists “deny” ACE for inbound Telnet (23 = TCP port number) traffic, with counter configured to show the number of matches detected.

Lists current counter for the preceding “deny” ACE.

Lists “permit” ACEs for inbound TCP and UDP traffic, with no counters configured.

Note that the implicit “deny any/any” included automatically at the end of every ACL is not visible in ACL listings generated by the switch.

Indicates that IPv6 traffic filtering is not enabled for the ACL assigned to the authenticated client.
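The following is an added example, not part of the HP manual: a parser for the listing format shown in Figure 7-12 that attaches each "Packet Hit Counter" line to the ACE before it and reports which denied services the client has been hitting. The function names parse_radius_acl and denied_hits are hypothetical, the sample text is constructed from the figure, and the code assumes the switch prints the listing in exactly that layout.

```python
import re

# Constructed sample input: the listing shown in Figure 7-12, as captured text.
SAMPLE = """\
HP Switch(config)# show access-list radius b1
Radius-configured Port-based ACL for
Port 1, Client -- 0017A4E6D787
IPv6 ACLs enabled (HP-Nas-Rules-Ipv6): FALSE
deny in tcp from any to 10.30.248.184 23 cnt
Packet Hit Counter : 1
deny in tcp from any to 10.30.248.184 80 cnt
Packet Hit Counter : 10
permit in tcp from any to 10.30.248.184 7
permit in udp from any to 10.30.248.184 7
deny in tcp from any to 10.30.248.184 161 cnt
Packet Hit Counter : 25
deny in udp from any to 10.30.248.184 161 cnt
Packet Hit Counter : 7
permit in ip from any to any
"""

HDR = re.compile(r"^Port\s+(\S+),\s+Client\s+--\s+([0-9A-Fa-f]{12})\s*$")
V6 = re.compile(r"^IPv6 ACLs enabled \(HP-Nas-Rules-Ipv6\):\s*(TRUE|FALSE)\s*$")
ACE = re.compile(r"^(permit|deny)\s+in\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)"
                 r"(?:\s+(\d+))?(?:\s+(cnt))?\s*$")
HITS = re.compile(r"^Packet Hit Counter\s*:\s*(\d+)\s*$")

def parse_radius_acl(text):
    """Parse one client's listing into a dict; counters attach to the preceding ACE."""
    acl = {"port": None, "client_mac": None, "ipv6": None, "aces": []}
    for line in (l.strip() for l in text.splitlines()):
        if m := HDR.match(line):
            acl["port"], acl["client_mac"] = m.group(1), m.group(2).upper()
        elif m := V6.match(line):
            acl["ipv6"] = m.group(1) == "TRUE"
        elif m := ACE.match(line):
            action, proto, src, dst, dport, cnt = m.groups()
            acl["aces"].append({"action": action, "proto": proto, "src": src, "dst": dst,
                                "dport": int(dport) if dport else None,
                                "counted": cnt is not None, "hits": None})
        elif (m := HITS.match(line)) and acl["aces"] and acl["aces"][-1]["counted"]:
            acl["aces"][-1]["hits"] = int(m.group(1))
    return acl

def denied_hits(acl):
    """Deny ACEs with a non-zero counter, busiest first: what the client tried and was refused."""
    hit = [a for a in acl["aces"] if a["action"] == "deny" and a["hits"]]
    return sorted(hit, key=lambda a: a["hits"], reverse=True)
```

ACEs without the cnt keyword keep hits as None, so an uncounted ACE is not mistaken for one with zero matches.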
Syntax: show port-access < web-based | mac-based | authenticator > clients < port-list > detailed

For ports in < port-list > configured for authentication, shows the details of the RADIUS-assigned features listed below that are active as the result of a client authentication. (Ports in < port-list > that are not configured for authentication are not listed.)

Client Base Details:

Port: Port number of port configured for authentication.

Session Status: Indicates whether there is an authenticated client session active on the port. Options include authenticated and unauthenticated.

Username: During an authenticated session, shows the user name of the authenticated client. If the client is not authenticated, this field is empty.

IP: Shows the authenticated client’s IP address, if available. Requires DHCP snooping enabled on the switch. When “n/a” appears in the field, the switch has not been able to acquire the client’s IP address. (Where the client IP address is available to the switch, it can take a minute or longer for the switch to learn the address.) For more on this topic, refer to “Configuring RADIUS Accounting” on page 6-53.

Session Time (sec): For an unauthenticated session, indicates the elapsed time in seconds since the client was detected on the port. For an authenticated session, indicates the elapsed time in seconds since the client was authenticated on the port.

MAC Address: During an authenticated session, shows the MAC address of the authenticated client.
— Continued on the Next Page —
