IPv4 Access Control Lists (ACLs)
Overview
■ For the 802.1X and MAC authentication methods, clients can authenticate regardless of their IP version (IPv4 or IPv6).
■ For the Web authentication method, clients must authenticate using IPv4. This does not prevent the client from running a dual stack, nor does it prevent the port from receiving a RADIUS-assigned ACL whose ACEs filter IPv6 traffic.
■ The RADIUS server must support IPv4 and have an IPv4 address. (RADIUS clients can be dual stack, IPv6 only, or IPv4 only.)
■ 802.1X rules for client access apply to both IPv6 and IPv4 clients for RADIUS-assigned ACLs. Refer to “802.1X User-Based and Port-Based Applications” on page 10-18.
Multiple ACLs on an Interface

The switch allows multiple ACL applications on an interface (subject to internal resource availability). This means that a port belonging to a given VLAN “X” can simultaneously be subject to all of the following:

Table 10-1. Per-Interface Multiple ACL Assignments

ACL Type: Dynamic (RADIUS-Assigned) ACLs
ACL Application:
  ■ One port-based ACL (for the first client to authenticate on the port), or up to 32 user-based ACLs (one per authenticated client).
  Note: If one or more user-based, dynamic ACLs are assigned to a port, then the only traffic allowed inbound on the port is from authenticated clients.

ACL Type: IPv6 Static ACLs
ACL Application:
  ■ One static VACL for IPv6 traffic for VLAN “X” entering the switch through the port.
  ■ One static port ACL for IPv6 traffic entering the switch on the port.

ACL Type: IPv4 Static ACLs
ACL Application:
  ■ One static VACL for IPv4 traffic for VLAN “X” entering the switch through the port.
  ■ One static port ACL for any IPv4 traffic entering the switch on the port.
  ■ One connection-rate ACL for inbound IPv4 traffic for VLAN “X” on the port (if the port is configured for connection-rate filtering). (Refer to chapter 3, “Virus Throttling”.)
  ■ One inbound and one outbound RACL filtering routed IPv4 traffic moving through the port for VLAN “X”. (The inbound RACL also applies to switched traffic entering on VLAN “X” that has a destination on the switch itself.)
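As an added example (not part of the manual), the following CLI session applies every static IPv4 ACL type from Table 10-1 to a single port at the same time. The port number (10), VLAN (20), ACL names, and addresses are constructed for illustration; the connection-rate filter commands follow the syntax described in chapter 3 and are assumed here rather than taken from this page.

```text
! Constructed example: port 10 is an untagged member of VLAN 20 (10.10.20.0/24),
! and 10.10.20.1 is assumed to be the switch's own IP address on VLAN 20.

! 1. Static VACL: filters IPv4 traffic entering the switch on any VLAN 20 port.
ProCurve(config)# ip access-list extended "VACL-20-IN"
ProCurve(config-ext-nacl)# permit ip 10.10.20.0/24 any
ProCurve(config-ext-nacl)# deny ip any any log
ProCurve(config-ext-nacl)# exit
ProCurve(config)# vlan 20 ip access-group "VACL-20-IN" vlan-in

! 2. Static port ACL: filters any IPv4 traffic entering the switch on port 10,
!    whatever its VLAN. Here it blocks Telnet and HTTP to the switch address.
ProCurve(config)# ip access-list extended "PACL-10-IN"
ProCurve(config-ext-nacl)# deny tcp any host 10.10.20.1 eq 23 log
ProCurve(config-ext-nacl)# deny tcp any host 10.10.20.1 eq 80 log
ProCurve(config-ext-nacl)# permit ip any any
ProCurve(config-ext-nacl)# exit
ProCurve(config)# interface 10 ip access-group "PACL-10-IN" in

! 3. Connection-rate ACL (Virus Throttling, chapter 3; syntax assumed):
!    exempt one server from throttling, subject all other VLAN 20 hosts to it.
ProCurve(config)# connection-rate-filter sensitivity medium
ProCurve(config)# filter connection-rate 10 throttle
ProCurve(config)# ip access-list connection-rate-filter "CRF-20"
ProCurve(config-crf-nacl)# ignore ip host 10.10.20.5
ProCurve(config-crf-nacl)# filter ip any
ProCurve(config-crf-nacl)# exit
ProCurve(config)# vlan 20 ip access-group "CRF-20" connection-rate-filter

! 4. Inbound and outbound RACLs: filter IPv4 traffic routed between VLAN 20
!    and VLAN 30 (10.10.30.0/24). The inbound RACL also sees traffic addressed
!    to the switch itself, so it must permit that explicitly.
ProCurve(config)# ip access-list extended "RACL-20-IN"
ProCurve(config-ext-nacl)# permit ip 10.10.20.0/24 host 10.10.20.1
ProCurve(config-ext-nacl)# permit tcp 10.10.20.0/24 10.10.30.0/24 eq 443
ProCurve(config-ext-nacl)# deny ip any any log
ProCurve(config-ext-nacl)# exit
ProCurve(config)# ip access-list extended "RACL-20-OUT"
ProCurve(config-ext-nacl)# permit tcp 10.10.30.0/24 eq 443 10.10.20.0/24
ProCurve(config-ext-nacl)# deny ip any any
ProCurve(config-ext-nacl)# exit
ProCurve(config)# vlan 20 ip access-group "RACL-20-IN" in
ProCurve(config)# vlan 20 ip access-group "RACL-20-OUT" out

! Verify which ACLs are now applied to the port and to the VLAN.
ProCurve(config)# show access-list ports 10
ProCurve(config)# show access-list vlan 20
```

Each ACL is evaluated independently and ends with an implicit deny of all IPv4 traffic, so a packet entering port 10 must be permitted by the port ACL, the VACL and, if it is routed or addressed to the switch, the inbound RACL; a deny in any one of them drops it. In this example a Telnet connection from a VLAN 20 host to 10.10.20.1 is dropped by the port ACL before the VACL or RACL is consulted, while an SSH connection to the same address passes all three.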