Colubris Networks CN3000 Administrator's Manual page 155

Chapter 7 - Customizing CN3000 and customer settings
Critical access list definitions (such as for a remote login page, certificates) should not
use the OPTIONAL setting because if these definitions fail to initialize there will be no
indication in the log.
Defining access lists
Access lists are defined by adding the following Colubris-AVPair value string to the
RADIUS profile for a CN3000. Each value string defines one rule. Up to 99 rules can be
defined for an access list.
access-list=value
All rules that make up an access list must be initialized without error for the list to be
active. (You can force the CN3000 to ignore initialization errors on a rule-by-rule basis
by using the OPTIONAL parameter.)
You can define up to 32 access lists.
Activating access lists
Access lists are activated by adding the following Colubris-AVPair value string to the
RADIUS profile for a CN3000 or a customer.
use-access-list=value
Only one access list can be active per profile. This list must have been initialized without
an error.
Colubris-AVPair value string
access-list=listname[,OPTIONAL],action,protocol,address,port[,account[,interval]]
use-access-list=uselistname
Where:
Parameter      Description

listname       Specify a name (up to 32 characters long) to identify the access list
               this rule applies to. If a list with this name does not exist, a new list is
               created. If a list with this name exists, the rule is added to it.

uselistname    Specify the name of an existing access list. This list is activated for the
               current profile. Lists are checked in the order they are activated.

OPTIONAL       Allows the access list to be activated even if this rule fails to initialize.
               For example, if you specify a rule that contains an address which
               cannot be resolved for some reason, the other rules that make up the
               access list will still be initialized. If you do not specify OPTIONAL, a failed
               rule will cause the entire list to fail.
               Important: Critical access list definitions (such as for a remote login
               page, certificates) should not use the OPTIONAL setting because if
               these definitions fail to initialize there will be no indication in the log.

action         Specify what action the rule takes when it matches incoming traffic.
               Two options are available:
               • ACCEPT - Allow traffic matching this rule.
               • DENY - Reject traffic matching this rule.

protocol       Specify the protocol to check: tcp, udp, icmp, all
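The following is an added example, not Colubris code, that models how the access-list and use-access-list value strings described above are parsed, grouped into lists, and either activated or rejected according to the OPTIONAL and initialization rules on this page. The resolve callback, the sample AVPairs and the port values in them are constructed assumptions, not a statement of CN3000 address or port syntax, and the account and interval fields are carried through unparsed because this page does not describe them.

```python
MAX_RULES_PER_LIST, MAX_LISTS = 99, 32   # limits stated on this manual page

def parse_access_list(avpair):
    """Parse access-list=listname[,OPTIONAL],action,protocol,address,port[,account[,interval]]."""
    key, _, body = avpair.partition("=")
    fields = [f.strip() for f in body.split(",")]
    if key.strip() != "access-list" or len(fields) < 5:
        raise ValueError(f"malformed access-list AVPair: {avpair!r}")
    name, optional = fields.pop(0), fields[0].upper() == "OPTIONAL"
    if optional:
        fields.pop(0)
    if not 1 <= len(name) <= 32 or not 4 <= len(fields) <= 6:
        raise ValueError(f"bad list name or field count: {avpair!r}")
    action, protocol, address, port, *extra = fields  # extra: account, interval (not on this page)
    if action not in ("ACCEPT", "DENY") or protocol not in ("tcp", "udp", "icmp", "all"):
        raise ValueError(f"bad action or protocol: {avpair!r}")
    return {"list": name, "optional": optional, "action": action,
            "protocol": protocol, "address": address, "port": port, "extra": extra}

def build_lists(avpairs, resolve):
    """resolve(address) -> bool stands in for rule initialization on the CN3000 (assumption)."""
    lists = {}
    for avpair in avpairs:
        rule = parse_access_list(avpair)
        entry = lists.setdefault(rule["list"], {"rules": [], "active": True, "log": []})
        if len(lists) > MAX_LISTS or len(entry["rules"]) >= MAX_RULES_PER_LIST:
            raise ValueError("too many access lists or rules")
        if resolve(rule["address"]):
            entry["rules"].append(rule)
        elif rule["optional"]:   # skipped silently: the CN3000 logs nothing for a failed OPTIONAL rule
            entry["log"].append(f"OPTIONAL rule skipped: {avpair}")
        else:                    # one failed non-OPTIONAL rule disables the whole list
            entry["active"] = False
            entry["log"].append(f"rule failed, whole list disabled: {avpair}")
    return lists

def activate(lists, use_avpair):
    """Apply use-access-list=uselistname; only a list that initialized error-free can be used."""
    key, _, name = (s.strip() for s in use_avpair.partition("="))
    if key != "use-access-list" or name not in lists:
        raise ValueError(f"unknown list in {use_avpair!r}")
    if not lists[name]["active"]:
        raise ValueError(f"list {name!r} failed to initialize: {lists[name]['log']}")
    return lists[name]["rules"]

# Constructed sample profile; '.invalid' hostnames stand in for addresses that fail to resolve.
SAMPLE_AVPAIRS = ["access-list=guest,ACCEPT,tcp,login.example.com,443",
                  "access-list=guest,OPTIONAL,ACCEPT,tcp,banner.example.invalid,80",
                  "access-list=guest,DENY,all,192.0.2.10,0",
                  "access-list=staff,ACCEPT,all,intranet.example.invalid,0"]
sample_resolve = lambda address: not address.endswith(".invalid")
```

Running build_lists(SAMPLE_AVPAIRS, sample_resolve) leaves "guest" active with two rules (the OPTIONAL one dropped without trace) and "staff" disabled, so use-access-list=staff is rejected.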