Table of Contents
Advertisement
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists
Displaying the Current RADIUS-Assigned ACL Activity
on the Switch
These commands output data indicating the current ACL activity imposed per-
port by RADIUS server responses to client authentication.
Syntax: show access-list radius < port-list >
For the specified ports, this command lists:
• whether the ACL for the indicated client is configured to filter IPv4
traffic only, or both IPv4 and IPv6 traffic. Refer to Table 7-7 on page
7-23 for more on this topic.
• the explicit ACEs, switch port, and client MAC address for each ACL
dynamically assigned by a RADIUS server as a response to client
authentication.
If cnt (counter) is included in an ACE, then the output includes the
current number of inbound packet matches the switch has detected in
the current session for that ACE. (Refer to "ACE Syntax in RADIUS
Servers" on page 7-25.)
Note: If there are no ACLs currently assigned to any port in
< port-list >, executing this command returns only the system prompt.
If a client authenticates but the server does not return a RADIUS-
assigned ACL to the client port, then the server does not have a valid
ACL configured and assigned to that client's authentication creden-
tials.
For example, the following output shows that a RADIUS server has assigned
an ACL to port 1 to filter inbound traffic from an authenticated client identified
by a MAC address of 00-17-A4-E6-D7-87.
Configuring RADIUS Server Support for Switch Services
7-37
Hide quick links:
Advertisement
Table of Contents
