Example Using HP VSA 63 to Assign IPv6 or IPv4 ACLs - HP 2530 Manual Supplement


Figure 6 Example of switch identity information for a FreeRADIUS application
3. For a given client username/password pair or MAC address, create an ACL by entering one
   or more ACEs in the FreeRADIUS "users" file. Remember that every ACL created automatically
   includes an implicit "deny in ip from any to any" ACE.

   For example, to create identical ACL support for the following:
   - Client having a username of "mobilE011" and a password of "run10kFast"
   - Client having a MAC address of 08 E9 9C 4F 00 19

   The ACL in this example must achieve the following:
   - Permit HTTP (TCP port 80) traffic from the client to the device at 10.10.10.101
   - Deny HTTP (TCP port 80) traffic from the client to all other devices
   - Permit all other traffic from the client to all other devices

   To configure the above ACL, enter the username/password and ACE information shown in
   Figure 7 (page 47).
Figure 7 Example of configuring the FreeRADIUS server to support ACLs for the indicated clients
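
Added example (not from the HP manual and not a copy of Figure 7): a Python model of how the three ACEs for this ACL, followed by the implicit deny, decide the fate of a client's inbound traffic. The ACE strings are constructed from the requirements listed above in Nas-Filter-Rule style; the helper names and the top-to-bottom, first-match evaluation are assumptions of this example.

```python
import ipaddress

# ACEs constructed from the three requirements above, in Nas-Filter-Rule style.
# They are an assumption of this example, not a copy of Figure 7.
ACES = [
    "permit in tcp from any to 10.10.10.101 80",
    "deny in tcp from any to any 80",
    "permit in ip from any to any",
]
IMPLICIT_DENY = "deny in ip from any to any"  # present at the end of every ACL


def parse_ace(ace):
    """Parse '<permit|deny> in <proto> from any to <any|addr> [port]'."""
    p = ace.split()
    if (len(p) not in (7, 8) or p[0] not in ("permit", "deny")
            or p[1] != "in" or p[3:6] != ["from", "any", "to"]):
        raise ValueError(f"unsupported ACE: {ace!r}")
    dst = None if p[6] == "any" else ipaddress.ip_network(p[6])
    port = int(p[7]) if len(p) == 8 else None
    return {"action": p[0], "proto": p[2], "dst": dst, "port": port}


def evaluate(aces, proto, dst_ip, dst_port=None):
    """Return (action, matching ACE) for inbound client traffic.

    Assumes ACEs are checked top to bottom and the first match decides.
    """
    addr = ipaddress.ip_address(dst_ip)
    for text in list(aces) + [IMPLICIT_DENY]:
        ace = parse_ace(text)
        if ace["proto"] not in ("ip", proto):
            continue  # protocol does not match
        if ace["dst"] is not None and addr not in ace["dst"]:
            continue  # destination does not match
        if ace["port"] is not None and ace["port"] != dst_port:
            continue  # destination port does not match
        return ace["action"], text


if __name__ == "__main__":
    samples = [("tcp", "10.10.10.101", 80), ("tcp", "10.10.10.50", 80),
               ("udp", "10.10.10.50", 53)]
    for pkt in samples:
        print(pkt, "->", evaluate(ACES, *pkt))
    # Omitting the final permit leaves only the implicit deny for other traffic.
    print(evaluate(ACES[:2], "udp", "10.10.10.50", 53))
```

Swapping the first two ACEs makes the broad port-80 deny match before the permit for 10.10.10.101, so ACE order in the "users" file entry matters.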

Example using HP VSA 63 to assign IPv6 or IPv4 ACLs

The ACL VSA HP-Nas-Rules-IPv6=1 is used in conjunction with the standard attribute
(Nas-Filter-Rule) for ACL assignments that filter both IPv6 and IPv4 traffic inbound from an
authenticated client. For example, to use these attributes to configure a RADIUS-assigned ACL on
a FreeRADIUS server that filters both IPv6 and IPv4 traffic, do the following:
