10-17
IPv4 Access Control Lists (ACLs)
Overview
RADIUS-Assigned (Dynamic) Port ACL Applications
Note Beginning with software release K.14.01, IPv6 support is available for
RADIUS-assigned port ACLs configured to filter inbound IPv4 and IPv6 traffic
from an authenticated client. Also, the implicit deny in RADIUS-assigned ACLs
applies to both IPv4 and IPv6 traffic inbound from the client. For information
on enabling RADIUS-assigned ACLs, refer to the chapter titled “Configuring
RADIUS Support for Switch Services” in this guide.
Dynamic (RADIUS-assigned) port ACLs are configured on RADIUS servers
and can be configured to filter IPv4 and IPv6 traffic inbound from clients
authenticated by such servers. For example, in figure 10-3 client “A” connects
to a given port and is authenticated by a RADIUS server. Because the server
is configured to assign a dynamic ACL to the port, the IPv4 and IPv6 traffic
inbound on the port from client “A” is filtered. (See also “Operating Notes” on
page 10-18.)
Effect of RADIUS-assigned ACLs When Multiple Clients Are Using the
Same Port. Some network configurations may allow multiple clients to
authenticate through a single port where a RADIUS server assigns a separate,
RADIUS-assigned ACL in response to each client’s authentication on that port.
In such cases, a given client’s inbound traffic will be allowed only if the
RADIUS authentication response for that client includes a RADIUS-assigned
ACL. For example, in figure 10-3 (below), clients A through D authenticate
through the same port (B1) on an 8212zl switch running software release
K.14.01 or greater.
Figure 10-3. Example of Multiple Clients Authenticating Through a Single Port
In this case, the RADIUS server must be configured to assign a RADIUS-
assigned ACL to port B1 each time any of the clients authenticates on the port.
Unmanaged
Switch
RADIUS
Server
Client D
Client C
E8212zl
Client A
Client B
10.100.0.0
LAN
Port B1
To Next Page
Loading...
Need help?
General