HP ProCurve Series 3400cl Release Notes page 57

Table 4. Contrasting Dynamic and Static ACLs

| RADIUS-Based (Dynamic) ACLs | Port-Based (Static) ACLs |
|---|---|
| Operates on the 3400cl switches. | Operates on both the 3400cl and 6400cl switches. |
| Configured in client accounts on a RADIUS server. | Configured in the switch itself. |
| Designed for use on the edge of the network where filtering of inbound traffic is most important and where clients with differing access requirements are likely to use the same port at different times. | Designed for general use where the filtering needs for the traffic to the switch from connected devices is predictable and largely static. |
| Implementation requires client authentication. | Client authentication not a factor. |
| Instead of an ACL name or number, the ACL is defined by the credentials (username/password pair or the MAC address) of the specific client the ACL is intended to service. Thus, all ACEs configured in the RADIUS server with the same client identifiers comprise the ACL for the specified client. | Identified by a number in the range of 1-199 or an alphanumeric name. |
| Supports dynamic assignment to filter only the inbound IP traffic from an authenticated client on the port to which the client is connected. (Traffic can be routed or switched, and includes traffic having a DA on the switch itself.) | Supports static assignments to filter traffic from a connected device, and operates in applications that may or may not include 802.1X or other types of client authentication. |
| When the authenticated client session ends, the switch removes the RADIUS-assigned ACL from the client port. | Remains statically assigned to the ports unless removed by a no interface < port-list > access-group CLI command. |
| Supports one RADIUS-based ACL on a port. | Supports one inbound ACL per-port. |
| The ACL filters the IP traffic received inbound from the client whose authentication resulted in the ACL assignment. Inbound traffic from any other source is denied. | An ACL applied inbound on a port filters all IP traffic received. |
| Requires client authentication by a RADIUS server configured to dynamically assign an ACL to the client port, based on client credentials. | Configured in the switch and statically applied to filter all inbound IP traffic on the specified ports. |
| ACEs allow a counter (cnt) option that causes a counter to increment when there is a packet match. | ACEs allow a log option that generates a log message whenever there is a packet match with a "deny" ACE. |

Enhancements
Release M.10.02 Enhancements