Contrasting Radius-Assigned And Static Acls - HP 3500yl Series Access Security Manual


Configuring RADIUS Server Support for Switch Services
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists

Contrasting RADIUS-Assigned and Static ACLs

Table 7-1 highlights several key differences between the static ACLs configurable on switch VLANs and ports, and the dynamic ACLs that can be assigned by a RADIUS server to filter IP traffic from individual clients.

Table 7-1. Contrasting Dynamic (RADIUS-Assigned) and Static ACLs

| RADIUS-Assigned ACLs | Static Port and VLAN ACLs |
|---|---|
| Configured in client accounts on a RADIUS server. | Configured on switch ports and VLANs. |
| Designed for use on the edge of the network where filtering of IP traffic entering the switch from individual, authenticated clients is most important and where clients with differing access requirements are likely to use the same port. | Designed for use where the filtering needs focus on static configurations covering:<br>• switched IP traffic entering from multiple authenticated or unauthenticated sources (VACLs or static port ACLs)<br>• routed IPv4 traffic (RACLs)<br>• IP traffic from multiple sources and having a destination on the switch itself |
| Implementation requires client authentication. | Client authentication not a factor. |
| Identified by the credentials (username/password pair or the MAC address) of the specific client the ACL is intended to service. | Identified by a number in the range of 1-199 or an alphanumeric name. |
| Supports dynamic assignment to filter only the IP traffic entering the switch from an authenticated client on the port to which the client is connected. (IPv6 traffic can be switched; IPv4 traffic can be routed or switched. For either IP traffic family, includes traffic having a DA on the switch itself.) | Supports static assignments to filter:<br>• switched IPv6 traffic entering the switch<br>• switched or routed IPv4 traffic entering the switch, or routed IPv4 traffic leaving the switch. |
| When the authenticated client session ends, the switch removes the RADIUS-assigned ACL from the client port. | Remains statically assigned to the port or VLAN. |
| Allows one RADIUS-assigned ACL per authenticated client on a port. (Each such ACL filters traffic from a different, authenticated client.)<br>Note: The switch provides ample resources for supporting RADIUS-assigned ACLs and other features. However, the actual number of ACLs supported depends on the switch's current feature configuration and the related resource requirements. For more information, refer to the appendix titled "Monitoring Resources" in the Management and Configuration Guide for your switch. | Simultaneously supports all of the following static assignments affecting a given port:<br>• IPv4 traffic:<br>– inbound RACL<br>– outbound RACL<br>– VACL<br>– static port ACL<br>• IPv6 traffic:<br>– VACL<br>– static port ACL |
| Supports IPv6 ACLs and IPv4 extended ACLs. (Refer to "Terminology" on page 7-11.) | Supports IPv6 ACLs and standard, extended, and connection-rate IPv4 ACLs. (Refer to "Configuring and Applying Connection-Rate ACLs" on page 3-18.) |