Acl Assignment Configuration Example - HP 5120 EI Switch Series Configuration Manual


# After the user passes authentication, use the display connection command to display the online user information.
<Device> display connection
Index=29  ,Username=aaa@2000
MAC=00e0-fc12-3456
IP=N/A
IPv6=N/A
Total 1 connection(s) matched.

ACL assignment configuration example

Network requirements
As shown in Figure 39, a host connects to the device's port GigabitEthernet 1/0/1, and the device uses RADIUS servers to perform authentication, authorization, and accounting.
Perform MAC authentication on port GigabitEthernet 1/0/1 to control Internet access. Ensure that an authenticated user can access the Internet but not the FTP server at 10.0.0.1.
Use MAC-based user accounts for MAC authentication users. The MAC addresses are hyphen separated and in lower case.

Figure 39 Network diagram for ACL assignment
[Diagram labels: Host 192.168.1.10; GE1/0/1; Switch; RADIUS servers (Auth: 10.1.1.1, Acct: 10.1.1.2); Internet; FTP server 10.0.0.1]

Configuration procedure
NOTE:
Check that the RADIUS server and the access device can reach each other.

1. Configure the ACL assignment.
# Configure ACL 3000 to deny packets destined for 10.0.0.1.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0
[Sysname-acl-adv-3000] quit

2. Configure RADIUS-based MAC authentication on the device.
# Configure the RADIUS scheme.
[Sysname] radius scheme 2000
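The following Python sketch is an added example, not part of the HP manual. It evaluates destination addresses against rules written in the form used for ACL 3000 above, so the effect of the wildcard mask can be checked before the ACL is assigned. The function names are hypothetical, and it assumes that traffic matching no rule is permitted, which is what the stated requirement (Internet access with only a deny rule) implies.

```python
import ipaddress
import re

# Rule form used on this page: rule <id> <action> ip destination <addr> <wildcard>
RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+ip\s+destination\s+(\S+)\s+(\S+)\s*$"
)

def parse_rule(line):
    """Parse one rule line; a leading CLI prompt such as [Sysname-acl-adv-3000] is ignored."""
    m = RULE_RE.search(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    rule_id, action, addr, wildcard = m.groups()
    # The manual writes the wildcard as a bare 0, short for 0.0.0.0 (exact host match).
    wc = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
    return int(rule_id), action, int(ipaddress.IPv4Address(addr)), wc

def evaluate(rules, dst, default="permit"):
    """Return the action applied to destination dst; rules are tried in ascending rule ID.

    Assumption: a packet that matches no rule gets `default` (permit).
    """
    dst_int = int(ipaddress.IPv4Address(dst))
    for _, action, addr, wc in sorted(rules):
        care = ~wc & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if (dst_int & care) == (addr & care):
            return action
    return default

# The single rule configured in step 1 of the procedure.
ACL_3000 = [parse_rule("[Sysname-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0")]

if __name__ == "__main__":
    # Constructed sample destinations: the FTP server, its neighbour, an Internet host.
    for dst in ("10.0.0.1", "10.0.0.2", "203.0.113.7"):
        print(dst, evaluate(ACL_3000, dst))
```

Because the rule matches on ip rather than a TCP port, it blocks every IP protocol to 10.0.0.1, not only FTP.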
