EasyManuals Logo

HP ProCurve 6120G/XG User Manual

HP ProCurve 6120G/XG
606 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #258 background imageLoading...
Page #258 background image
Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists
ACL configuration, including:
one or more explicit “permit” and/or “deny” ACEs created by the
system operator
implicit deny any any ACE automatically active after the last operator-
created ACE
Nas-Filter-Rule-Options
Table 6-4. Nas-Filter-Rule Attribute Options
Service Control Method and Operating Notes:
ACLs Applied to Client
Traffic Inbound to the
Switch
Assigns a RADIUS-
configured ACL to
filter inbound packets
received from a
specific client
authenticated on a
switch port.
ACLs Applied to Client
Traffic Inbound to the
Switch
Assigns a RADIUS-
configured IPv4 ACL
to filter inbound IPv4
packets received from
a specific client
authenticated on a
switch port.
Standard Attribute: 92
This is the preferred attribute for use in RADIUS-assigned ACLs to configure ACEs to filter IPv4
traffic.
Entry for IPv4-Only ACE To Filter Client Traffic:
Nas-filter-Rule = “< permit or deny ACE >” (Standard Attribute 92)
For example:
Nas-filter-Rule=”permit in tcp from any to any”
HP-Nas-Filter-Rule (Vendor-Specific Attribute): 61
This attribute is maintained for legacy purposes to support ACEs in RADIUS-assigned ACLs.
However, for new or updated configurations HP recommends using the Standard Attribute (92)
described earlier in this table instead of the HP-Nas-filter-Rule attribute described here.
HP (ProCurve) vendor-specific ID: 11
VSA: 61 (string = HP-Nas-Filter-Rule
Setting: HP-Nas-filter-Rule = “< permit or deny ACE >”
Configuring ACE Syntax in RADIUS Servers
The following syntax and operating information applies to ACLs configured
in a RADIUS server.
ACE Syntax
(Standard
Attribute-92)
ACE Syntax
(Legacy VSA-
61)
Nas-filter-Rule =”< permit | deny > in <ip | ip-protocol-value > from any to
< any | ip-addr | ipv4-addr/mask > [ < tcp/udp-port | tcp/udp-port range > | icmp-type ] [cnt ]”
HP-Nas-filter-Rule=”< permit | deny > in <ip | ip-protocol-value > from any to
< any | ip-addr | ipv4-addr/mask > [ < tcp/udp-port | tcp/udp-port range > | icmp-type ] [cnt ]”
6-18

Table of Contents

Other manuals for HP ProCurve 6120G/XG

Preview: Configuration Guide
Configuration Guide662 pages
Preview: Installation And Getting Started Guide
Installation And Getting Started Guide62 pages
Preview: Installation Instructions
Installation Instructions4 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP ProCurve 6120G/XG and is the answer not in the manual?

HP ProCurve 6120G/XG Specifications

General IconGeneral
BrandHP
ModelProCurve 6120G/XG
CategorySwitch
LanguageEnglish

Related product manuals