ACL Assignment Configuration Example - H3C S5120-HI Security Configuration Manual


  Max number of on-line users is 256
  Current online user number is 1
    MAC ADDR         Authenticate state           Auth Index
    00e0-fc12-3456   MAC_AUTHENTICATOR_SUCCESS    29
# After a user passes MAC authentication, use the display connection command to display online user information.
<Device> display connection
Slot:  1
Index=29  ,Username=aaa@2000
 IP=N/A
 IPv6=N/A
 MAC=00e0-fc12-3456
 Total 1 connection(s) matched on slot 1.
 Total 1 connection(s) matched.

ACL assignment configuration example

Network requirements
As shown in Figure 39, a host connects to the device's port GigabitEthernet 1/0/1, and the device uses RADIUS servers to perform authentication, authorization, and accounting.
Perform MAC authentication on port GigabitEthernet 1/0/1 to control Internet access. Make sure that an authenticated user can access the Internet but not the FTP server at 10.0.0.1.
Use MAC-based user accounts for MAC authentication users. The MAC addresses are hyphen separated and in lower case.
Figure 39 Network diagram
Configuration procedure
1. Make sure the RADIUS server and the access device can reach each other.
2. Configure the ACL assignment:
# Configure ACL 3000 to deny packets destined for 10.0.0.1.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0
[Sysname-acl-adv-3000] quit
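The trailing 0 in rule 0 is a wildcard mask, and it is what confines the deny to the single FTP host. The following is an added example, not part of the H3C manual: it evaluates the page's rule against sample destinations, assuming rules are checked in ascending rule ID and that set wildcard bits mean "don't care"; it returns None when no rule matches and leaves the unmatched-packet action to the device. ACL_WIDE is a constructed contrast showing how a wider wildcard would block the whole subnet.

```python
import ipaddress

def parse_wildcard(text):
    """Wildcard mask as a 32-bit int; set bits are "don't care". A bare 0 means 0.0.0.0."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse 'rule <id> permit|deny ip [destination any|<addr> <wildcard>]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "rule" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError(f"unsupported rule: {line!r}")
    # No destination clause (or 'destination any') matches every address.
    rule = {"id": int(tok[1]), "action": tok[2], "addr": 0, "wild": 0xFFFFFFFF}
    rest = tok[4:]
    if len(rest) == 3 and rest[0] == "destination":
        rule["addr"] = int(ipaddress.IPv4Address(rest[1]))
        rule["wild"] = parse_wildcard(rest[2])
    elif rest and rest != ["destination", "any"]:
        raise ValueError(f"unsupported match clause: {line!r}")
    return rule

def evaluate(rule_lines, dst_ip):
    """Return (rule_id, action) of the first matching rule, or None if none matches.

    Assumption: rules are checked in ascending rule ID order.
    """
    dst = int(ipaddress.IPv4Address(dst_ip))
    for r in sorted(map(parse_rule, rule_lines), key=lambda r: r["id"]):
        # Match when every bit not covered by the wildcard is equal.
        if (dst ^ r["addr"]) & ~r["wild"] & 0xFFFFFFFF == 0:
            return r["id"], r["action"]
    return None

ACL_3000 = ["rule 0 deny ip destination 10.0.0.1 0"]          # rule from the page
ACL_WIDE = ["rule 0 deny ip destination 10.0.0.1 0.0.0.255"]  # constructed contrast

if __name__ == "__main__":
    for name, acl in (("ACL_3000", ACL_3000), ("ACL_WIDE", ACL_WIDE)):
        for dst in ("10.0.0.1", "10.0.0.2", "203.0.113.10"):  # constructed test addresses
            print(name, dst, evaluate(acl, dst))
```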