Example Using HP VSA 61 to Assign IPv4 ACLs - HP 2530 Manual Supplement


3. For a given client username/password pair, create an ACL by entering one or more IPv6 and
IPv4 ACEs in the FreeRADIUS "users" file. An ACL created to filter both IPv4 and IPv6 traffic
automatically includes an implicit "deny in ip from any to any" ACE at the end of the
ACL, which drops any IPv4 and IPv6 traffic that is not explicitly permitted or denied by the
ACL. For example, to create ACL support for a client with a username of "Admin01" and a
password of "myAuth9", the ACL must specify the following:
- Permit http (TCP port 80) traffic from the client to the device at FE80::a40.
- Deny http (TCP port 80) traffic from the client to all other IPv6 addresses.
- Permit http (TCP port 80) traffic from the client to the device at 10.10.10.117.
- Deny http (TCP port 80) traffic from the client to all other IPv4 addresses.
- Deny Telnet (TCP port 23) traffic from the client to any IPv4 or IPv6 addresses.
- Permit all other IPv4 and IPv6 traffic from the client to all other devices.
To configure the above ACL, enter the username/password and ACE information, as shown
in "Example of configuring a FreeRADIUS server to filter IPv4 and IPv6 traffic for a client using
the correct username and password credentials" (page 49):

Figure 10 Example of configuring a FreeRADIUS server to filter IPv4 and IPv6 traffic for a client
using the correct username and password credentials
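
The six requirements listed above can be checked with a small first-match evaluator before the ACEs go into the "users" file. This is an added example, not the manual's Figure 10 and not HP or FreeRADIUS code. The trailing port number in each ACE string, the ::/0 and 0.0.0.0/0 destinations for "all other addresses", and the function names are assumptions, and the example goes beyond the text by modelling top-down, first-match evaluation.

```python
import ipaddress

# Constructed ACE list for the "Admin01" requirements. The shape
# "<action> in <proto> from any to <dest> [port]" is assumed from the implicit
# deny ACE quoted in the text; it is not copied from the manual's figure.
ACES = [
    "permit in tcp from any to FE80::a40 80",
    "deny in tcp from any to ::/0 80",            # all other IPv6 (assumed form)
    "permit in tcp from any to 10.10.10.117 80",
    "deny in tcp from any to 0.0.0.0/0 80",       # all other IPv4 (assumed form)
    "deny in tcp from any to any 23",
    "permit in ip from any to any",
]
IMPLICIT_DENY = "deny in ip from any to any"


def parse_ace(text):
    """Split one ACE string into (action, protocol, dest network or None, port or None)."""
    action, direction, proto, kw_from, src, kw_to, dest, *port = text.split()
    if action not in ("permit", "deny") or (direction, kw_from, src, kw_to) != ("in", "from", "any", "to"):
        raise ValueError(f"unsupported ACE: {text!r}")
    net = None if dest == "any" else ipaddress.ip_network(dest, strict=False)
    return action, proto, net, int(port[0]) if port else None


def evaluate(aces, proto, dest, port=None):
    """Return (action, matching ACE); the first matching ACE wins (hypothetical helper)."""
    addr = ipaddress.ip_address(dest)
    for text in list(aces) + [IMPLICIT_DENY]:
        action, ace_proto, net, ace_port = parse_ace(text)
        if ace_proto not in ("ip", proto):
            continue  # protocol-specific ACE for a different protocol
        if net is not None and (net.version != addr.version or addr not in net):
            continue  # destination outside this ACE's address or prefix
        if ace_port is not None and ace_port != port:
            continue  # ACE is limited to another destination port
        return action, text


if __name__ == "__main__":
    flows = [("tcp", "fe80::a40", 80), ("tcp", "2001:db8::1", 80),
             ("tcp", "10.10.10.117", 80), ("tcp", "10.10.10.5", 80),
             ("tcp", "10.10.10.117", 23), ("udp", "10.10.10.5", 53)]
    for flow in flows:
        print(flow, "->", evaluate(ACES, *flow))
```

Swapping a permit ACE with the broader deny that follows it changes the result for the permitted host, which is the ordering mistake this kind of check catches.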

Example using HP VSA 61 to assign IPv4 ACLs

This product release supports the HP VSA 61 vendor-specific method for enabling RADIUS-based
IPv4 ACL assignments on the switch. Its recommended use is to support legacy ACL configurations
that rely on VSA 61. Beginning with software release K.14.01, HP recommends using the standard
attribute (92) for new RADIUS-based IPv4 ACLs; see page 42.
This example uses the HP VSA attribute 61 to configure RADIUS-assigned IPv4 ACL support on
FreeRADIUS for two different client identification methods (username/password and MAC address).