Contrasting RADIUS-Assigned and Static ACLs - HP 2530 Manual Supplement


Table 8 Simultaneous ACL activity supported per-port [1]

| ACL type | Function | IPv4 | IPv6 |
|---|---|---|---|
| VACL | Static ACL assignment to filter inbound IP traffic on a specific VLAN. | 1 | 1 |
| Port ACL | Static ACL assignment to filter inbound IP traffic on a specific port. | 1 | 1 |
| RADIUS-assigned ACL | Dynamic ACL assignment to filter inbound IP traffic from a specific client on a given port. | 1-32 [2] | 1-32 [2] |

[1] Subject to resource availability on the switch. For more information, see the appendix titled "Monitoring Resources" in the latest HP Switch Software Management and Configuration Guide for your switch.

[2] One per authenticated client, up to a maximum of 32 clients per-port for 802.1X, web-based authentication, and MAC-Authentication methods combined.

Contrasting RADIUS-assigned and static ACLs

Table 9 (page 38) highlights several key differences between the static ACLs configurable on switch VLANs and ports, and the dynamic ACLs that can be assigned by a RADIUS server to filter IP traffic from individual clients.

Table 9 Contrasting dynamic (RADIUS-assigned) and static ACLs

| Dynamic RADIUS-assigned ACLs | Static port and VLAN ACLs |
|---|---|
| Configured in client accounts on a RADIUS server. | Configured on switch ports and VLANs. |
| Designed for use on the edge of the network where filtering of IP traffic entering the switch from individual, authenticated clients is most important and where clients with differing access requirements are likely to use the same port. | Designed for use where the filtering needs focus on static configurations covering: switched IP traffic entering from multiple authenticated or unauthenticated sources (VACLs or static port ACLs); routed IPv4 traffic (RACLs); IP traffic from multiple sources with a destination on the switch itself. |
| Implementation requires client authentication. | Client authentication does not apply. |
| Identified by credentials (username/password pair or MAC address) of the specific client the ACL is to service. | Identified by a number in the range of 1-199 or an alphanumeric name. |
| Supports dynamic assignment to filter only IP traffic entering the switch from an authenticated client on the port where the client is connected. (IPv6 traffic can be switched; IPv4 traffic can be routed or switched. For either IP traffic family, includes traffic having a DA on the switch itself.) | Supports static assignments to filter: switched IPv6 traffic entering the switch; switched or routed IPv4 traffic entering the switch, or routed IPv4 traffic leaving the switch. |
| When the authenticated client session ends, the switch removes the RADIUS-assigned ACL from the client port. | Remains statically assigned to the port or VLAN. |
| Allows one RADIUS-assigned ACL per authenticated client on a port. (Each such ACL filters traffic from a different, authenticated client.) | Simultaneously supports all the following static assignments affecting a given port. IPv4 traffic: inbound RACL, outbound RACL, VACL, static port ACL. IPv6 traffic: VACL, static port ACL. |

Note: The switch provides ample resources for supporting RADIUS-assigned ACLs and other features. However, the actual number of ACLs supported depends on the switch's current feature configuration and the related resource requirements. For more information, see the appendix titled "Monitoring Resources" in the HP Switch Software Management and Configuration Guide for your switch.

Updates for the HP Switch Software Access Security Guide, page 38
