3Com 3CRWX120695A Reference Manual page 360

360 C 7: C
HAPTER ONFIGURING
A , A
UTHENTICATION UTHORIZATION
Mapping User-Based ACLs
When you map a user-based ACL, you can use any defined ACL, even if
that ACL is also mapped to a port, VLAN, or virtual port.
You can set a Filter-Id authorization attribute at the RADIUS server or at
the WX switch's local database. The Filter-Id attribute is a security ACL
name (or two ACL names) with the direction of the packets indicated.
The security ACL mapped by Filter-Id instructs the WX switch to use its
local definition of the ACL, including the flow direction, to filter packets
for the authenticated user.
If you are configuring Filter-ID attributes for a user in a WX switch's
local database, use the filter-id.in attribute to specify an inbound ACL
and use the filter-id.out attribute to specify an outbound ACL.
If you are configuring the attributes on a RADIUS server, MSS can
receive the Filter-ID attribute with the Profile value for an inbound
ACL and the OutboundACL for an outbound ACL. On the RADIUS
server, the value field of filter-id can specify up to two ACLs. Any of
the following are valid for MSS:
filter-id = "Profile=acl1"
filter-id = "OutboundACL=acl2"
filter-id = "Profile=acl1 OutboundACL=acl2"
The format in which to enter these values depends on the RADIUS
server.
The security ACLs mapped by Filter-Id instruct the WX switch to use its
local definition of the ACL, including the flow direction, to filter packets
for the authenticated user.
For more information about assigning attributes in the local WX
database, see "Configuring User Authorization Attributes" on page 310.
For more information about adding attributes to a RADIUS database, see
your RADIUS documentation.
, A P
AND CCOUNTING ARAMETERS