HP ProCurve 6120G/XG

Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists
ACL configuration, including:
- one or more explicit “permit” and/or “deny” ACEs created by the system operator
- implicit deny any any ACE automatically active after the last operator-created ACE
Nas-Filter-Rule-Options
Table 6-4. Nas-Filter-Rule Attribute Options
Service: ACLs Applied to Client Traffic Inbound to the Switch
Assigns a RADIUS-configured ACL to filter inbound packets received from a specific client authenticated on a switch port.
Control Method and Operating Notes:
Standard Attribute: 92
This is the preferred attribute for use in RADIUS-assigned ACLs to configure ACEs to filter IPv4 traffic.
Entry for IPv4-Only ACE To Filter Client Traffic:
Nas-filter-Rule = "< permit or deny ACE >" (Standard Attribute 92)
For example:
Nas-filter-Rule="permit in tcp from any to any"

Service: ACLs Applied to Client Traffic Inbound to the Switch
Assigns a RADIUS-configured IPv4 ACL to filter inbound IPv4 packets received from a specific client authenticated on a switch port.
Control Method and Operating Notes:
HP-Nas-Filter-Rule (Vendor-Specific Attribute): 61
This attribute is maintained for legacy purposes to support ACEs in RADIUS-assigned ACLs. However, for new or updated configurations HP recommends using the Standard Attribute (92) described earlier in this table instead of the HP-Nas-filter-Rule attribute described here.
HP (ProCurve) vendor-specific ID: 11
VSA: 61 (string = HP-Nas-Filter-Rule)
Setting: HP-Nas-filter-Rule = "< permit or deny ACE >"
Configuring ACE Syntax in RADIUS Servers
The following syntax and operating information apply to ACLs configured in a RADIUS server.

ACE Syntax (Standard Attribute-92):
Nas-filter-Rule="< permit | deny > in < ip | ip-protocol-value > from any to < any | ip-addr | ipv4-addr/mask > [ < tcp/udp-port | tcp/udp-port range > | icmp-type ] [ cnt ]"

ACE Syntax (Legacy VSA-61):
HP-Nas-filter-Rule="< permit | deny > in < ip | ip-protocol-value > from any to < any | ip-addr | ipv4-addr/mask > [ < tcp/udp-port | tcp/udp-port range > | icmp-type ] [ cnt ]"
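ACE strings written to this grammar can be checked before they are entered in the RADIUS server's user entries. The linter below is an added example, not code from the HP manual; the names `parse_ace`, `lint_acl` and `SAMPLE_ACL`, the `udp`/`icmp` protocol names, the `lo-hi` range form and the rule that qualifiers apply only to TCP, UDP and ICMP are assumptions.

```python
import ipaddress
import re

# Grammar from the page: <permit|deny> in <ip|ip-protocol-value> from any to
#   <any|ip-addr|ipv4-addr/mask> [<port|port range>|icmp-type] [cnt]
# Assumptions: names udp/icmp (page shows ip and tcp), ranges written lo-hi,
# qualifiers only for TCP/UDP/ICMP; addr/mask is normalised to its network.
L4, ICMP = {"tcp", "udp", "6", "17"}, {"icmp", "1"}

def parse_ace(rule):
    """Parse one ACE string; raise ValueError if it does not fit the grammar."""
    tok = rule.strip().strip('"').split()
    if (len(tok) < 7 or tok[0] not in ("permit", "deny") or tok[1] != "in"
            or tok[3:6] != ["from", "any", "to"]):
        raise ValueError("expected '<permit|deny> in <proto> from any to <dest>'")
    proto = tok[2]
    if proto not in {"ip"} | L4 | ICMP and not (proto.isdecimal() and int(proto) <= 255):
        raise ValueError(f"bad protocol {proto!r}")
    dest = "any" if tok[6] == "any" else str(ipaddress.IPv4Network(tok[6], strict=False))
    rest = tok[7:]
    count = bool(rest) and rest[-1] == "cnt"   # optional trailing hit counter
    rest = rest[:-1] if count else rest
    qual = None
    if rest:
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", rest[0])
        if len(rest) > 1 or not m or proto not in L4 | ICMP:
            raise ValueError(f"bad qualifier {rest!r} for protocol {proto!r}")
        lo, hi = int(m[1]), int(m[2] or m[1])
        if lo > hi or hi > (255 if proto in ICMP else 65535) or (m[2] and proto in ICMP):
            raise ValueError(f"qualifier {rest[0]!r} out of range")
        qual = (lo, hi)
    return {"action": tok[0], "proto": proto, "dest": dest, "qual": qual, "count": count}

def lint_acl(rules):
    """Return (index, message) findings for an ordered list of ACE strings."""
    findings = []
    for i, rule in enumerate(rules):
        try:
            ace = parse_ace(rule)
        except ValueError as exc:
            findings.append((i, f"invalid: {exc}"))
            continue
        if (ace["action"], ace["proto"], ace["dest"]) == ("permit", "ip", "any"):
            findings.append((i, "permit-all ACE: the implicit deny any any filters nothing"))
    return findings

# Constructed sample ACL; only the first entry is the manual's own example.
SAMPLE_ACL = ["permit in tcp from any to any", "deny in udp from any to 10.0.0.5/24 53 cnt",
              "permit out ip from any to any", "permit in ip from any to any"]
```

`lint_acl(SAMPLE_ACL)` reports the `out` direction in the third entry as invalid and flags the fourth as a permit-all ACE.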