Acl Assignment Configuration Example - HP 6600 Security Configuration Manual


Index=52  , Username=aaa@2000
IP=N/A
IPv6=N/A
MAC=00e0-fc12-3456
Total 1 connection(s) matched on slot 3.
Total 1 connection(s) matched.

ACL assignment configuration example

Network requirements
As shown in Figure 44, a host connects to port GigabitEthernet 3/0/1 of the router, and the router uses
RADIUS servers to perform authentication, authorization, and accounting.
Perform MAC authentication on port GigabitEthernet 3/0/1 to control Internet access. Make sure an
authenticated user can access the Internet but not the FTP server at 10.0.0.1.
Use MAC-based user accounts for MAC authentication users. The MAC addresses are hyphen separated
and in lower case.
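Figure 44 Network diagram
[Figure labels: Host (IP: 192.168.1.10/24, MAC: 00-e0-fc-12-34-56); GE3/0/1; Router; RADIUS servers (Auth: 10.1.1.1, Acct: 10.1.1.2); Internet; FTP server (10.0.0.1/24)]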
Configuration procedure
1. Make sure the RADIUS server and the router can reach each other.
2. Configure the ACL assignment on the router:
# Configure ACL 3000 to deny packets destined for 10.0.0.1.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0
[Sysname-acl-adv-3000] quit
3. Configure RADIUS-based MAC authentication on the router:
# Configure a RADIUS scheme.
[Sysname] radius scheme 2000
[Sysname-radius-2000] primary authentication 10.1.1.1 1812
[Sysname-radius-2000] primary accounting 10.1.1.2 1813
[Sysname-radius-2000] key authentication simple abc
[Sysname-radius-2000] key accounting simple abc
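
Added example (not from the HP manual): a small Python evaluator for the destination wildcard in rule 0 of ACL 3000, showing that a wildcard of 0 matches only the FTP server at 10.0.0.1, while 0.0.0.255 would block its whole /24. Assumptions: rules are checked in ascending rule-ID order, packets matching no rule are permitted (consistent with the requirement that authenticated users still reach the Internet), and the names parse_rule, evaluate, PAGE_ACL and WIDE_ACL are hypothetical.

```python
import ipaddress
import re

# Matches the advanced-ACL rule form used on this page, e.g.
# "rule 0 deny ip destination 10.0.0.1 0" (a CLI prompt prefix is tolerated).
RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+ip\s+destination\s+(\S+)\s+(\S+)$"
)


def parse_rule(line):
    """Return (rule_id, action, dest_addr_int, wildcard_int)."""
    m = RULE_RE.search(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    rule_id, action, dest, wildcard = m.groups()
    # A wildcard of "0" is shorthand for 0.0.0.0: every address bit must match.
    if wildcard == "0":
        wildcard = "0.0.0.0"
    return (int(rule_id), action,
            int(ipaddress.IPv4Address(dest)),
            int(ipaddress.IPv4Address(wildcard)))


def evaluate(rules, dst, default="permit"):
    """First matching rule (lowest ID first) decides; otherwise the default.

    The default of "permit" is an assumption, not a statement from the manual.
    """
    dst_int = int(ipaddress.IPv4Address(dst))
    for _, action, addr, wildcard in sorted(rules):
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 0 must match
        if (dst_int & care) == (addr & care):
            return action
    return default


# Constructed input: the rule from this page, plus a wider variant for contrast.
PAGE_ACL = [parse_rule("[Sysname-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0")]
WIDE_ACL = [parse_rule("rule 0 deny ip destination 10.0.0.1 0.0.0.255")]

if __name__ == "__main__":
    for dst in ("10.0.0.1", "10.0.0.2", "203.0.113.7"):
        print(dst, evaluate(PAGE_ACL, dst), evaluate(WIDE_ACL, dst))
```
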


This manual is also suitable for:

Hsr6600
