Download Print this page

Displaying Current Radius-Assigned Acl Activity On The Switch - HP 2530 Manual Supplement

Hide thumbs Also See for 2530:

Quick setup manual (6 pages)

,

Quick setup manual (9 pages)

,

Installation and getting started manual (93 pages)

Table Of Contents

Table of Contents

Advertisement

2.

Configure RADIUS network accounting on the switch (optional).

aaa accounting network

You can also view ACL counter hits using either of the following commands:

show access-list radius <port-list>

show port-access

<port-list> clients detailed

NOTE:

the server receives and manages network accounting information, and how to perform any

configuration steps necessary to enable the server to support network accounting data from

the switch.

3.

Configure an authentication method. Options include 802.1X, web-based authentication, and

MAC authentication. You can configure 802.1X, web-based authentication, and/or MAC

authentication to operate simultaneously on the same ports.

Syntax: 802.1X Option:

aaa port-access authenticator <port-list>

aaa authentication port-access chap-radius

aaa port-access authenticator active

These commands configure 802.1X port-based access control on the switch, and

activate this feature on the specified ports.

Syntax: MAC Authentication Option:

aaa port-access mac-based <port-list>

This command configures MAC authentication on the switch and activates this

feature on the specified ports.

Syntax: Web Authentication Option:

aaa port-access web-based <port-list>

This command configures web-based authentication on the switch and activates

this feature on the specified ports.

Displaying current RADIUS-assigned ACL activity on the switch

The following commands provide data indicating current ACL activity per-port by RADIUS server

responses to client authentication.

Syntax:

show access-list radius <port-list>

For the specified ports, this command lists:

Whether the ACL for the indicated client is configured to filter only IPv4 traffic,

or both IPv4 and IPv6 traffic. See

for more on this topic.

The explicit ACEs, switch port, and client MAC address for each ACL

dynamically assigned by a RADIUS server as a response to client authentication.

If cnt (counter) is included in an ACE, then the output includes the current number

of inbound packet matches the switch has detected in the current session for that

ACE, see

52

Updates for the HP Switch Software Access Security Guide

<authenticator | mac-based | web-based>

See the documentation provided with your RADIUS server for information on how

"ACE syntax in RADIUS servers" (page

<start-stop | stop-only> radius

"Nas-Filter-Rule Attribute Options" (page 42)

44).

Table of Contents

Show Quick Links

Hide quick links:

Advertisement

Table of Contents