HP ProCurve Series 3400cl Release Notes page 59

packet (from the authenticated client) that is not explicitly permitted or denied by other ACEs configured sequentially earlier in the ACL. Unless otherwise noted, "implicit deny IP any" refers to the "deny" action enforced by both standard and extended ACLs.

Inbound Traffic: For the purpose of defining where the switch applies ACLs to filter traffic, inbound traffic is any IP packet that enters the switch from a given client on a given port.

NAS (Network Attached Server): In this context, refers to a ProCurve switch configured for RADIUS operation.

Permit: An ACE configured with this action allows the switch to forward an inbound packet for which there is a match within an applicable ACL.

Permit Any Any: An abbreviated form of permit in ip from any to any, which permits any inbound IP traffic from the authenticated source to any destination. Inbound traffic from any other source is denied. (Inbound traffic from a client other than the client whose authentication caused the ACL assignment will be denied.)

VSA (Vendor-Specific-Attribute): A value used in a RADIUS-based configuration to uniquely identify a networking feature that can be applied to a port on a given vendor's switch during an authenticated client session.

Wildcard: The part of a mask that indicates the bits in a packet's IP addressing that do not need to match the corresponding bits specified in an ACL. See also ACL Mask on page 48.
Caution Regarding the Use of Source Routing

Source routing is enabled by default on the switch and can be used to override ACLs. For this reason, if you are using ACLs to enhance network security, the recommended action is to use the no ip source-route command to disable source routing on the switch. (If source routing is disabled in the running-config file, the show running command includes "no ip source-route" in the running-config file listing.)
General Operation

An ACL is a list of one or more Access Control Entries (ACEs), where each ACE consists of a matching criteria and an action (permit or deny). These ACEs are designed to control the network access privileges of an authenticated client. A RADIUS-based ACL applies only to the inbound traffic from the client whose authentication triggers the ACL assignment to the client port.

How a RADIUS Server Applies a RADIUS-Based ACL to a Switch Port. A RADIUS-based ACL configured on a RADIUS server is identified and invoked by the unique credentials (username/password pair or a client MAC address) of the specific client the ACL is designed to service. Where the username/password pair is the selection criteria, the corresponding ACL can also be used for a group of clients that all require the same ACL policy and use the same username/password pair. Where
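The following is an added illustration, not code from the release notes or from HP/ProCurve: a small Python model of how a sequential ACL of ACEs is evaluated against inbound packets, covering the Wildcard definition above (bits set in the wildcard mask are not compared), the first-match-in-configured-order rule, the implicit "deny ip any" for packets no ACE covers, and the rule that a RADIUS-based ACL only admits traffic from the authenticated client. The ACE field names, the packet record and the sample addresses are assumptions of this model and are constructed here.

```python
import ipaddress

# Added example, not HP/ProCurve code: a model of sequential ACL evaluation
# with wildcard masks and the implicit "deny ip any" at the end of the list.
# The ACE fields and the packet record are assumptions of this model.


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A wildcard mask marks the bits that do NOT need to match (1 = don't care).
    Only the bits that are 0 in the wildcard are compared against the base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


def ace(action, proto, src, src_wc, dst, dst_wc, dport=None):
    """Build one Access Control Entry: matching criteria plus an action."""
    return {"action": action, "proto": proto, "src": src, "src_wc": src_wc,
            "dst": dst, "dst_wc": dst_wc, "dport": dport}


def ace_matches(entry, pkt) -> bool:
    """Does this ACE's matching criteria cover the packet? 'ip' matches any
    IP protocol; a destination-port criterion applies only when one is set."""
    if entry["proto"] != "ip" and entry["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], entry["src"], entry["src_wc"]):
        return False
    if not wildcard_match(pkt["dst"], entry["dst"], entry["dst_wc"]):
        return False
    if entry["dport"] is not None and entry["dport"] != pkt.get("dport"):
        return False
    return True


def evaluate(acl, pkt, authenticated_client):
    """Walk the ACEs in configured order; the first match decides.
    Returns (action, reason). Traffic from any source other than the
    authenticated client is denied, and a packet matched by no ACE falls
    through to the implicit 'deny ip any'."""
    if pkt["src"] != authenticated_client:
        return ("deny", "not the authenticated client")
    for index, entry in enumerate(acl, start=1):
        if ace_matches(entry, pkt):
            return (entry["action"], f"ACE {index}")
    return ("deny", "implicit deny ip any")


def pkt(src, dst, proto, dport=None):
    """Constructed inbound packet record (source, destination, protocol, port)."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


# Constructed sample policy: client 10.0.0.42 may reach web servers in
# 10.10.10.0/24, must not telnet anywhere in 10.10.0.0/16, and may otherwise
# reach 10.10.0.0/16. Everything else hits the implicit deny.
CLIENT = "10.0.0.42"
SAMPLE_ACL = [
    ace("permit", "tcp", CLIENT, "0.0.0.0", "10.10.10.0", "0.0.0.255", dport=80),
    ace("deny",   "tcp", CLIENT, "0.0.0.0", "10.10.0.0",  "0.0.255.255", dport=23),
    ace("permit", "ip",  CLIENT, "0.0.0.0", "10.10.0.0",  "0.0.255.255"),
]

# Same three ACEs with the broad permit moved ahead of the telnet deny:
# because the first match wins, the deny is now unreachable for telnet.
REORDERED_ACL = [SAMPLE_ACL[0], SAMPLE_ACL[2], SAMPLE_ACL[1]]

if __name__ == "__main__":
    samples = [
        pkt(CLIENT, "10.10.10.5", "tcp", 80),      # permit, ACE 1
        pkt(CLIENT, "10.10.20.5", "tcp", 23),      # deny, ACE 2
        pkt(CLIENT, "10.10.20.5", "udp", 53),      # permit, ACE 3
        pkt(CLIENT, "192.168.1.1", "tcp", 443),    # deny, implicit deny ip any
        pkt("10.0.0.99", "10.10.10.5", "tcp", 80), # deny, not the authenticated client
    ]
    for p in samples:
        print(p["src"], "->", p["dst"], p["proto"], p["dport"],
              evaluate(SAMPLE_ACL, p, CLIENT))
    print("telnet with reordered ACL:",
          evaluate(REORDERED_ACL, pkt(CLIENT, "10.10.20.5", "tcp", 23), CLIENT))
```

The reordered list is the practical point of "configured sequentially earlier": an ACE is only consulted if no ACE before it matched, so a broad permit placed above a narrower deny silently disables that deny, and a packet that nothing matches is dropped by the implicit deny rather than forwarded.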
Enhancements
Release M.10.02 Enhancements
49