HP J8693A

778 pages
Configuring RADIUS Server Support for Switch Services
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists
Contrasting RADIUS-Assigned and Static ACLs
Table 7-1 highlights several key differences between the static ACLs configurable on switch VLANs and ports, and the dynamic ACLs that can be assigned by a RADIUS server to filter IP traffic from individual clients.
Table 7-1. Contrasting Dynamic (RADIUS-Assigned) and Static ACLs

| RADIUS-Assigned ACLs | Static Port and VLAN ACLs |
|---|---|
| Configured in client accounts on a RADIUS server. | Configured on switch ports and VLANs. |
| Designed for use on the edge of the network where filtering of IP traffic entering the switch from individual, authenticated clients is most important and where clients with differing access requirements are likely to use the same port. | Designed for use where the filtering needs focus on static configurations covering: switched IP traffic entering from multiple authenticated or unauthenticated sources (VACLs or static port ACLs); routed IPv4 traffic (RACLs); IP traffic from multiple sources and having a destination on the switch itself. |
| Implementation requires client authentication. | Client authentication not a factor. |
| Identified by the credentials (username/password pair or the MAC address) of the specific client the ACL is intended to service. | Identified by a number in the range of 1-199 or an alphanumeric name. |
| Supports dynamic assignment to filter only the IP traffic entering the switch from an authenticated client on the port to which the client is connected. (IPv6 traffic can be switched; IPv4 traffic can be routed or switched. For either IP traffic family, includes traffic having a DA on the switch itself.) | Supports static assignments to filter: switched IPv6 traffic entering the switch; switched or routed IPv4 traffic entering the switch, or routed IPv4 traffic leaving the switch. |
| When the authenticated client session ends, the switch removes the RADIUS-assigned ACL from the client port. | Remains statically assigned to the port or VLAN. |
| Allows one RADIUS-assigned ACL per authenticated client on a port. (Each such ACL filters traffic from a different, authenticated client.) Note: The switch provides ample resources for supporting RADIUS-assigned ACLs and other features. However, the actual number of ACLs supported depends on the switch’s current feature configuration and the related resource requirements. For more information, refer to the appendix titled “Monitoring Resources” in the Management and Configuration Guide for your switch. | Simultaneously supports all of the following static assignments affecting a given port: IPv4 traffic: inbound RACL, outbound RACL, VACL, static port ACL; IPv6 traffic: VACL, static port ACL. |
| Supports IPv6 ACLs and IPv4 extended ACLs. (Refer to “Terminology” on page 7-11.) | Supports IPv6 ACLs and standard, extended, and connection-rate IPv4 ACLs. (Refer to “Configuring and Applying Connection-Rate ACLs” on page 3-18.) |
