Acl Assignment Configuration Example - HPE FlexNetwork MSR Series Configuration Manual

Comware 7 security

Online MAC-auth wired users : 1

Silent MAC users:
         MAC address       VLAN ID  From port               Port index

GigabitEthernet1/0/1  is link-up
  MAC authentication         : Enabled
  Carry User-IP              : Disabled
  Authentication domain      : Not configured
  Auth-delay timer           : Disabled
  Re-auth server-unreachable : Logoff
  Host mode                  : Single VLAN
  Max online users           : 4294967295
  Authentication attempts    : successful 1, failed 0
  Current online users       : 1
         MAC address       Auth state
         00e0-fc12-3456    Authenticated

ACL assignment configuration example

Network requirements
As shown in Figure 50, configure the device to meet the following requirements:
Use RADIUS servers to perform authentication, authorization, and accounting for users.
Perform MAC authentication on GigabitEthernet 1/0/1 to control Internet access.
Use MAC-based user accounts for MAC authentication users. Each MAC address is in the hexadecimal notation with hyphens, and letters are in lower case.
Use an ACL to deny authenticated users access to the FTP server at 10.0.0.1.

Figure 44 Network diagram
[Diagram labels: Host (IP: 192.168.1.10/24, MAC: 00-e0-fc-12-34-56); GE1/0/1; Device; RADIUS servers (Auth: 10.1.1.1, Acct: 10.1.1.2); Internet; FTP server (10.0.0.1/24)]

Configuration procedure
Make sure the RADIUS servers and the access device can reach each other.
1. Configure ACL 3000 to deny packets destined for 10.0.0.1.
<Device> system-view
[Device] acl advanced 3000
[Device-acl-ipv4-adv-3000] rule 0 deny ip destination 10.0.0.1 0
[Device-acl-ipv4-adv-3000] quit
2. Configure RADIUS-based MAC authentication on the device:
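
The network requirements above call for MAC-based account names in hyphenated, lower-case hexadecimal (00-e0-fc-12-34-56), while the device's display output writes the same address as 00e0-fc12-3456. The following Python helper is an added example, not part of the HPE manual: it converts common MAC notations to that account-name form and checks a user list for an exact match. The function names and sample data are constructed for illustration, and it assumes the RADIUS server compares usernames exactly (case-sensitively).

```python
import re

# Separators seen in common MAC notations: hyphen, colon, dot.
_SEPARATORS = re.compile(r"[-:.]")
_HEX12 = re.compile(r"[0-9a-fA-F]{12}")
# Accepted groupings: 6 groups of 2 (00-e0-fc-12-34-56), 3 groups of 4
# (00e0-fc12-3456, as in the device's display output), or 12 bare digits.
_VALID_GROUPINGS = {(2,) * 6, (4,) * 3, (12,)}


def mac_account_name(mac: str) -> str:
    """Return the MAC as a hyphenated, lower-case account name."""
    groups = _SEPARATORS.split(mac.strip())
    if tuple(len(g) for g in groups) not in _VALID_GROUPINGS:
        raise ValueError(f"unrecognised MAC grouping: {mac!r}")
    digits = "".join(groups)
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"non-hexadecimal MAC: {mac!r}")
    digits = digits.lower()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_accounts(online_macs, radius_usernames):
    """Map each online MAC to its expected account name and report
    whether an exactly matching RADIUS username exists."""
    known = set(radius_usernames)
    report = {}
    for mac in online_macs:
        name = mac_account_name(mac)
        report[mac] = (name, name in known)
    return report


if __name__ == "__main__":
    # Constructed sample data: the first MAC is the host from this page,
    # the second is made up. The usernames model a RADIUS user list.
    online = ["00e0-fc12-3456", "00E0.FC12.3457"]
    usernames = ["00-e0-fc-12-34-56", "00-E0-FC-12-34-57"]
    for mac, (name, ok) in audit_accounts(online, usernames).items():
        print(f"{mac:16} -> {name}  {'ok' if ok else 'NO MATCHING ACCOUNT'}")
```

In the sample run the second account is flagged because it was provisioned in upper case, which does not meet the lower-case requirement stated above.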
