Acl Assignment Configuration Example - HP A5830 Series Configuration Manual
Security switch
Hide thumbs
Also See for A5830 Series:
- Command reference manual (249 pages) ,
- Configuration manual (246 pages) ,
- Configuration manual (152 pages)
Table of Contents
Advertisement
ACL assignment configuration example
Network requirements
As shown in
RADIUS servers to perform authentication, authorization, and accounting.
Perform MAC authentication on port GigabitEthernet 1/0/1 to control Internet access. Make sure that
an authenticated user can access the Internet but not the FTP server at 10.0.0.1.
Use MAC-based user accounts for MAC authentication users. The MAC addresses are separated by
hyphens and in lowercase characters.
Figure 39 ACL assignment
Configuration procedure
NOTE:
Check that the RADIUS server and the access device can reach each other.
Configure the ACL assignment.
1.
# Configure ACL 3000 to deny packets destined for 10.0.0.1.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0
[Sysname-acl-adv-3000] quit
Configure RADIUS-based MAC authentication on the device.
2.
# Configure a RADIUS scheme.
[Sysname] radius scheme 2000
[Sysname-radius-2000] primary authentication 10.1.1.1 1812
[Sysname-radius-2000] primary accounting 10.1.1.2 1813
[Sysname-radius-2000] key authentication abc
[Sysname-radius-2000] key accounting abc
[Sysname-radius-2000] user-name-format without-domain
[Sysname-radius-2000] quit
# Apply the RADIUS scheme to an ISP domain for authentication, authorization, and accounting.
[Sysname] domain 2000
[Sysname-isp-2000] authentication default radius-scheme 2000
Figure
39, a host connects to the device's port GigabitEthernet 1/0/1, and the device uses
105
Advertisement
Table of Contents
Troubleshooting
