HP ProCurve 2910al Access Security Manual page 216

Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists
6-10
RADIUS-assigned ACL: dynamic ACL assigned to a port by a RADIUS
server to filter inbound traffic from an authenticated client on that
port
An ACL can be configured on an interface as a static port ACL. (RADIUS-assigned
ACLs are configured on a RADIUS server.)
ACL Mask: Follows a destination IP address listed in an ACE. Defines which
bits in a packet's corresponding IP addressing must exactly match the IP
addressing in the ACE, and which bits need not match (wildcards).
DA: The acronym for Destination IP Address. In an IP packet, this is the
destination IP address carried in the header, and identifies the destination
intended by the packet's originator.
Deny: An ACE configured with this action causes the switch to drop a packet
for which there is a match within an applicable ACL.
Deny Any Any: An abbreviated form of deny in ip from any to any, which denies
any inbound IP traffic from any source to any destination.
Dynamic Port ACL: See RADIUS-Assigned ACL.
Implicit Deny: If the switch finds no matches between an inbound packet
and the configured criteria in an applicable ACL, then the switch denies
(drops) the packet with an implicit "deny IP any/any" operation. You can
preempt the implicit "deny IP any/any" in a given ACL by configuring
permit in ip from any to any as the last explicit ACE in the ACL. Doing so
permits any inbound IP packet that is not explicitly permitted or denied
by other ACEs configured sequentially earlier in the ACL. Unless otherwise
noted, "implicit deny IP any" refers to the "deny" action enforced by
both standard and extended ACLs.
Inbound Traffic: For the purpose of defining where the switch applies ACLs
to filter traffic, inbound traffic is any IP packet that enters the switch from
a given client on a given port.
NAS (Network Attached Server): In this context, refers to a ProCurve
switch configured for RADIUS operation.
Outbound Traffic: For defining the points where the switch applies an ACL
to filter traffic, outbound traffic is routed traffic leaving the switch
through a VLAN interface (or a subnet in a multinetted VLAN). "Outbound
traffic" can also apply to switched traffic leaving the switch on a VLAN
interface.
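
The ACL Mask and Implicit Deny entries above, worked through as an added example (not code from the manual or from ProCurve): ACEs are checked in order against a packet's DA, and a packet that matches none is dropped. The sample ACL, the function names and the /prefix notation for the mask are assumptions of this example.

```python
import ipaddress

# Constructed sample ACL, not taken from the manual. The ACE wording follows
# the "permit|deny in ip from any to <destination>" form quoted on this page;
# writing the ACL mask as a /prefix length is an assumption of this example.
SAMPLE_ACL = [
    "deny in ip from any to 10.10.20.0/24",
    "permit in ip from any to 10.10.0.0/16",
]
PERMIT_ANY = "permit in ip from any to any"
IMPLICIT_DENY = "implicit deny IP any/any"


def parse_ace(ace):
    """Return (action, destination network), or None as network for 'any'."""
    fields = ace.split()
    well_formed = (
        len(fields) == 7
        and fields[0] in ("permit", "deny")
        and fields[1:6] == ["in", "ip", "from", "any", "to"]
    )
    if not well_formed:
        raise ValueError(f"unsupported ACE: {ace!r}")
    dest = fields[6]
    # strict=False tolerates host bits set under the mask (wildcard bits).
    net = None if dest == "any" else ipaddress.ip_network(dest, strict=False)
    return fields[0], net


def evaluate(acl, da):
    """Decide the fate of an inbound packet from its DA; first match wins."""
    addr = ipaddress.ip_address(da)
    for ace in acl:
        action, net = parse_ace(ace)
        # Bits covered by the mask must match exactly; the rest are wildcards.
        if net is None or addr in net:
            return action, ace
    # No explicit ACE matched: the switch drops the packet.
    return "deny", IMPLICIT_DENY


if __name__ == "__main__":
    for da in ("10.10.20.5", "10.10.30.5", "192.168.1.1"):
        print(da, evaluate(SAMPLE_ACL, da))
    print("192.168.1.1", evaluate(SAMPLE_ACL + [PERMIT_ANY], "192.168.1.1"))
```

Appending the permit-any ACE as the last explicit entry is what preempts the implicit deny; placing it earlier would shadow every ACE after it.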
