Radius-Assigned (Dynamic) Port Acl Applications; Radius-Assigned Acls When Multiple Clients Use The Same Port - HP 2530 Manual Supplement

Figure 17 Example of VACL filter applications on IPv6 traffic entering the switch
The switch can configure one IPv6 VACL assignment per VLAN in addition to any other IPv6 ACL
applications assigned to the IP routing interface or to ports in the VLAN. An IPv6 static port ACL
filters IPv6 traffic inbound on the designated ports.

RADIUS-assigned (dynamic) port ACL applications

IPv6 support is available for RADIUS-assigned port ACLs configured to filter inbound IPv4 and IPv6
traffic from an authenticated client, and the implicit deny in RADIUS-assigned ACLs applies to both
IPv4 and IPv6 traffic inbound from the client.
Dynamic (RADIUS-assigned) port ACLs are configured on RADIUS servers and can be configured
to filter IPv4 and IPv6 traffic inbound from clients authenticated by such servers. In
(page 60), client "A" connects to a given port and is authenticated by a RADIUS server. Because
the server is configured to assign a dynamic ACL to the port, the IPv4 and IPv6 traffic inbound on
the port from client "A" is filtered.

RADIUS-assigned ACLs when multiple clients use the same port

Some network configurations may allow multiple clients authenticate through a single port where
a RADIUS server assigns a separate, RADIUS-assigned ACL in response to each client's
authentication on that port. In such cases, a given client's inbound traffic is allowed only if the
RADIUS authentication response for that client includes a RADIUS-assigned ACL. Clients
authenticating without receiving a RADIUS-assigned ACL are immediately de-authenticated. In
"Multiple, dual-stack clients authenticating through a single port" (page
authenticate through the same port (1).
60 Updates for the HP Switch Software IPv6 Configuration Guide
Figure 17
61), clients A through D