Table of Contents
Advertisement
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists
Configuring and Using Dynamic
(RADIUS-Assigned) Access Control
Lists
Introduction
A RADIUS-assigned ACL is configured on a RADIUS server and dynamically
assigned by the server to filter IP traffic from a specific client after the client
is authenticated by the server.
The information in this section describes how to apply RADIUS-assigned ACLs
on the switch, and assumes a general understanding of ACL structure and
operation. If you need information on ACL filtering criteria, design, and
operation, refer to the following:
■
the chapter titled "IPv4 Access Control Lists (ACLs)", in this manual
the chapter titled "IPv6 Access Control Lists (ACLs)" in the latest IPv6
■
Configuration Guide for your switch
Terminology
ACE: See Access Control Entry, below.
Access Control Entry (ACE): An ACE is a policy consisting of a packet-
handling action and criteria to define the packets on which to apply the
action. For ACE details, refer to "ACE Syntax in RADIUS Servers" on page
7-25
Access Control List (ACL): A list (or set) consisting of one or more
explicitly configured Access Control Entries (ACEs) and terminating with
an implicit "deny" default which drops any IP packets that do not have a
match with any explicit ACE in the named ACL. An ACL can be applied in
the following ways:
•
VACL: an ACL assigned to filter inbound traffic on a specific VLAN
configured on the switch
•
Static Port ACL: an ACL assigned to filter inbound traffic on a specific
switch port
Configuring RADIUS Server Support for Switch Services
7-11
Hide quick links:
Advertisement
Table of Contents
