7-13
Configuring RADIUS Server Support for Switch Services
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists
NAS (Network Attached Server): In this context, refers to a HP switch
configured for RADIUS operation.
Outbound Traffic: For defining the points where the switch applies an ACL
to filter traffic, outbound traffic is routed IPv4 traffic leaving the switch
through a VLAN interface (or a subnet in a multinetted VLAN). “Outbound
traffic” can also apply to switched traffic leaving the switch on a VLAN
interface, but VACLs do not filter outbound switched traffic.
Permit: An ACE configured with this action allows the switch to forward an
inbound packet for which there is a match within an applicable ACL.
Permit Any Any: An abbreviated form of permit in ip from any to any or permit
in ipv6 from any to any, which permits inbound IPv4 or IPv6 traffic from any
source to any destination.
Prefix Length: In an IPv6 ACE, a network prefix is used to specify the
leftmost contiguous bits in a packet’s SA and DA that must match the bit
settings defined in the SA and DA configured in the ACE. The prefix length
is specified (in CIDR format) by /nn immediately following the specified
SA or DA address. For example, if the SA prefix in an ACE is
2001:db8:127::/48, then the first 48 bits in the SA of a packet being com-
pared to that ACE must be the same to allow a match. In this case, bits 49
through 128 are not compared and are termed a “wildcard”. For the IPv4
equivalent, see “ACL Mask”.
RADIUS-Assigned ACL: An ACL application type in which the ACL is
assigned by a RADIUS server to a port to filter inbound IP traffic from a
specific client authenticated by the server for that port, regardless of
whether the traffic is switched or (IPv4-only) routed.
Routed ACL (RACL): An ACL applied to routed traffic (IPv4-only) that is
entering or leaving the switch on a given VLAN. See also “Access Control
List”.
Standard ACL: This type of access control list uses the layer-3 criteria of
source IPv4 address to determine whether there is a match with an IPv4
packet. Except for RADIUS-assigned ACLs, standard ACLs require an
alphanumeric name or an identification number (ID) in the range of 1-99.
See also “Extended ACL”.
Static Port ACL: An ACL statically configured on a specific port, group of
ports, or trunk. A static port ACL filters all incoming traffic on the port,
regardless of whether it is switched or routed.
To Next Page
Loading...
