10-17
IPv4 Access Control Lists (ACLs)
Overview
RADIUS-Assigned (Dynamic) Port ACL Applications
Note IPv6 support is available for RADIUS-assigned port ACLs configured to filter
inbound IPv4 and IPv6 traffic from an authenticated client. Also, the implicit
deny in RADIUS-assigned ACLs applies to both IPv4 and IPv6 traffic inbound
from the client. For information on enabling RADIUS-assigned ACLs, refer to
the chapter titled “Configuring RADIUS Support for Switch Services” in this
guide.
Dynamic (RADIUS-assigned) port ACLs are configured on RADIUS servers
and can be configured to filter IPv4 and IPv6 traffic inbound from clients
authenticated by such servers. For example, in figure 10-3 client “A” connects
to a given port and is authenticated by a RADIUS server. Because the server
is configured to assign a dynamic ACL to the port, the IPv4 and IPv6 traffic
inbound on the port from client “A” is filtered. (See also “Operating Notes” on
page 10-18.)
Effect of RADIUS-assigned ACLs When Multiple Clients Are Using the
Same Port. Some network configurations may allow multiple clients to
authenticate through a single port where a RADIUS server assigns a separate,
RADIUS-assigned ACL in response to each client’s authentication on that port.
In such cases, a given client’s inbound traffic will be allowed only if the
RADIUS authentication response for that client includes a RADIUS-assigned
ACL. For example, in figure 10-3 (below), clients A through D authenticate
through the same port (1).
Figure 10-3. Example of Multiple Clients Authenticating Through a Single Port
In this case, the RADIUS server must be configured to assign a RADIUS-
assigned ACL to port B1 each time any of the clients authenticates on the port.
Unmanaged
Switch
RADIUS
Server
Client D
Client C
3800 Switch
Client A
Client B
10.100.0.0
LAN
Port 1
To Next Page
Loading...
Need help?
General