HP ProCurve 6400cl Series Access Security Manual page 168


RADIUS Authentication and Accounting
Configuring a RADIUS Server To Specify Per-Port CoS and Rate-Limiting Services
6-28

Deny: An ACE configured with this action causes the switch to drop a packet for which there is a match within an applicable ACL.

Deny Any Any: An abbreviated form of "deny in ip from any to any", which denies any inbound IP traffic from any source to any destination.

Implicit Deny: If the switch finds no matches between an inbound packet and the configured criteria in an applicable ACL, then the switch denies (drops) the packet with an implicit "deny IP any/any" operation. You can preempt the implicit "deny IP any/any" in a given ACL by configuring "permit in ip from any to any" as the last explicit ACE in the ACL. Doing so permits any inbound IP packet that is not explicitly permitted or denied by other ACEs configured sequentially earlier in the ACL. Unless otherwise noted, "implicit deny IP any" refers to the "deny" action enforced by both standard and extended ACLs.

Inbound Traffic: For the purpose of defining where the switch applies ACLs to filter traffic, inbound traffic is any IP packet that enters the switch from a given client on a given port.

NAS (Network Attached Server): In this context, refers to a ProCurve switch configured for RADIUS operation.

Permit: An ACE configured with this action allows the switch to forward an inbound packet for which there is a match within an applicable ACL.

Permit Any Any: An abbreviated form of "permit in ip from any to any", which permits any inbound IP traffic from any source to any destination.

VSA (Vendor-Specific-Attribute): A value used in a RADIUS-based configuration to uniquely identify a networking feature that can be applied to a port on a given vendor's switch during an authenticated client session.

Wildcard: The part of a mask that indicates the bits in a packet's IP addressing that do not need to match the corresponding bits specified in an ACL. See also ACL Mask on page 6-27.

Caution Regarding the Use of Source Routing

Source routing is enabled by default on the switch and can be used to override ACLs. For this reason, if you are using ACLs to enhance network security, the recommended action is to use the "no ip source-route" command to disable source routing on the switch. (If source routing is disabled in the running-config file, the show running command includes "no ip source-route" in the running-config file listing.)
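
The first-match and Implicit Deny behaviour defined in the glossary above can be modelled offline to review an ACL before it is placed on the RADIUS server. The following is an added example, not code from the manual or from HP. Only the "any to any" ACE forms appear on this page; the address/prefix destination notation, the sample ACLs and the function names are assumptions made for illustration.

```python
import ipaddress

def parse_ace(text):
    """Parse 'permit|deny in ip from any to <dest>' into (action, network)."""
    parts = text.split()
    if len(parts) != 7 or parts[0] not in ("permit", "deny") \
            or parts[1:6] != ["in", "ip", "from", "any", "to"]:
        raise ValueError(f"unsupported ACE: {text!r}")
    # Assumption: the destination is 'any' or an IPv4 address/prefix.
    dest = "0.0.0.0/0" if parts[6] == "any" else parts[6]
    return parts[0], ipaddress.ip_network(dest, strict=False)

def evaluate(acl, dest_ip):
    """First matching ACE decides; no match falls through to the implicit deny."""
    addr = ipaddress.ip_address(dest_ip)
    for text in acl:
        action, net = parse_ace(text)
        if addr in net:
            return action, text
    return "deny", "implicit deny IP any/any"

def shadowed(acl):
    """ACEs that can never match because an earlier ACE covers their destination."""
    seen, dead = [], []
    for text in acl:
        _, net = parse_ace(text)
        if any(net.subnet_of(earlier) for earlier in seen):
            dead.append(text)
        seen.append(net)
    return dead

# Constructed sample ACLs (addresses are illustrative, not from the manual).
STRICT = ["deny in ip from any to 10.10.30.5/32",
          "permit in ip from any to 10.10.20.0/24"]
OPEN = STRICT + ["permit in ip from any to any"]        # preempts the implicit deny
MISORDERED = ["permit in ip from any to any"] + STRICT  # later ACEs never match

if __name__ == "__main__":
    for name, acl in (("STRICT", STRICT), ("OPEN", OPEN), ("MISORDERED", MISORDERED)):
        for ip in ("10.10.20.7", "10.10.30.5", "192.0.2.9"):
            print(name, ip, evaluate(acl, ip))
        print(name, "shadowed:", shadowed(acl))
```

A non-empty result from shadowed() means an ACE sits behind a broader one, which is what happens when "permit in ip from any to any" is not the last explicit ACE.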
