HP ProCurve Series 3400cl Release Notes page 74

Enhancements
Release M.10.02 Enhancements
Displaying the Current RADIUS-Based ACL Activity on the Switch
The following command displays the ACL activity currently imposed, per port, by the ACLs that a RADIUS server
returned in response to client authentication.
Syntax: show access-list radius < port-list >
For the specified ports, this command lists the explicit ACEs, switch port, and client MAC
address for the ACL dynamically assigned by a RADIUS server as a response to client
authentication. If cnt (counter) is included in an ACE, then the output includes the current
number of inbound packet matches the switch has detected in the current session for that
ACE.
Note: If there are no ACLs currently assigned to any port in < port-list >, executing this
command returns the following message:
Port < port-# >, No RADIUS ACLs applied on this port.
If a client authenticates but the server does not return a RADIUS-based ACL to the client
port, then the server does not have a valid ACL configured and assigned to that client's
authentication credentials.
For example, the following output shows that a RADIUS server has assigned an ACL to port 10 to
filter inbound traffic from an authenticated client identified by a MAC address of 00-11-85-C6-54-7D.
ProCurve# show access-list radius 10
Radius-configured Port-based ACL for
Port 10, Client -- 001185C6547D
deny in tcp from any to 10.15.240.184 23 cnt
Packet Hit Counter : 0
deny in tcp from any to 10.15.240.184 80 cnt
Packet Hit Counter : 0
permit in tcp from any to 10.15.240.184 7
permit in udp from any to 10.15.240.184 7
deny in tcp from any to 10.15.240.184 161 cnt
Packet Hit Counter : 0
deny in udp from any to 10.15.240.184 161 cnt
Packet Hit Counter : 0
permit in ip from any to any
Figure 9. Example Showing a RADIUS-Based ACL Application to a Currently Active Client Session
Callouts in Figure 9:
- "Client -- 001185C6547D": the MAC address of the authenticated client on the specified port. This identifies the client to which the ACL applies.
- "deny in tcp from any to 10.15.240.184 23 cnt": a "deny" ACE for inbound Telnet traffic (23 = TCP port number), with a counter configured to show the number of matches detected.
- "Packet Hit Counter : 0": the current counter for the preceding "deny" ACE.
- "permit in tcp from any to 10.15.240.184 7" and "permit in udp from any to 10.15.240.184 7": "permit" ACEs for inbound TCP and UDP traffic, with no counters configured.
Note that the implicit "deny any/any" included automatically at the end of every ACL is not visible in ACL listings generated by the switch.
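The listing above is only useful if it is read consistently across many ports: which ACEs actually matched (non-zero hit counters), which ports have no RADIUS ACL at all, and what the ACL would do with a packet once the implicit, unlisted deny is taken into account. The following is an added example, not ProCurve code and not part of the release notes: it parses "show access-list radius" output into ACE records, reports counted ACEs with non-zero hits, and replays a packet against the ACL first-match with the implicit "deny any/any" at the end. The sample output is constructed from Figure 9; the non-zero counter and the second, ACL-less port are assumptions added to exercise both output forms the text describes, and the multi-port layout is likewise assumed.

```python
"""Parse 'show access-list radius' output and replay packets against the ACEs.

Added example (not ProCurve code). The sample output is constructed from the
Figure 9 listing; the non-zero counter and the second port are assumptions.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: Figure 9 with one counter bumped to 4 and an extra port
# that received no ACL (layout of a multi-port listing is assumed).
SAMPLE_OUTPUT = """\
ProCurve# show access-list radius 10-11
Radius-configured Port-based ACL for
Port 10, Client -- 001185C6547D
deny in tcp from any to 10.15.240.184 23 cnt
Packet Hit Counter : 4
deny in tcp from any to 10.15.240.184 80 cnt
Packet Hit Counter : 0
permit in tcp from any to 10.15.240.184 7
permit in udp from any to 10.15.240.184 7
deny in tcp from any to 10.15.240.184 161 cnt
Packet Hit Counter : 0
deny in udp from any to 10.15.240.184 161 cnt
Packet Hit Counter : 0
permit in ip from any to any
Port 11, No RADIUS ACLs applied on this port.
"""

ACE_RE = re.compile(
    r"^(?P<action>permit|deny)\s+in\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)"
    r"\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>\d+))?(?P<cnt>\s+cnt)?$"
)
CLIENT_RE = re.compile(r"^Port\s+(?P<port>\S+),\s+Client\s+--\s+(?P<mac>[0-9A-Fa-f]{12})$")
NO_ACL_RE = re.compile(r"^Port\s+(?P<port>\S+),\s+No RADIUS ACLs applied on this port\.?$")
HIT_RE = re.compile(r"^Packet Hit Counter\s*:\s*(?P<hits>\d+)$")


@dataclass
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "ip", ...
    src: str               # "any", a host address, or addr/prefix
    dst: str
    dport: Optional[int]   # None when the ACE names no destination port
    counted: bool          # True when the ACE carries "cnt"
    hits: Optional[int] = None


@dataclass
class PortAcl:
    port: str
    client_mac: Optional[str]          # None when no RADIUS ACL is applied
    aces: list[Ace] = field(default_factory=list)


def parse_show_access_list_radius(text: str) -> dict[str, PortAcl]:
    """Return one PortAcl per port in the listing, keyed by port name."""
    acls: dict[str, PortAcl] = {}
    current: Optional[PortAcl] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("ProCurve#") or line.startswith("Radius-configured"):
            continue
        if m := CLIENT_RE.match(line):
            current = acls[m["port"]] = PortAcl(m["port"], m["mac"])
        elif m := NO_ACL_RE.match(line):
            acls[m["port"]] = PortAcl(m["port"], None)
            current = None
        elif m := ACE_RE.match(line):
            if current is None:
                raise ValueError(f"ACE outside a port block: {line!r}")
            current.aces.append(Ace(m["action"], m["proto"], m["src"], m["dst"],
                                    int(m["dport"]) if m["dport"] else None,
                                    m["cnt"] is not None))
        elif m := HIT_RE.match(line):
            # A counter line follows the ACE it belongs to; only "cnt" ACEs have one.
            if current is None or not current.aces or not current.aces[-1].counted:
                raise ValueError(f"hit counter without a counted ACE: {line!r}")
            current.aces[-1].hits = int(m["hits"])
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return acls


def _addr_matches(pattern: str, addr: str) -> bool:
    if pattern == "any":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr


def evaluate(acl: PortAcl, proto: str, src: str, dst: str, dport: Optional[int] = None):
    """First-match evaluation: (action, ACE index), or ("deny", None) for the implicit deny."""
    for i, ace in enumerate(acl.aces):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not (_addr_matches(ace.src, src) and _addr_matches(ace.dst, dst)):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, i
    return "deny", None  # the implicit deny any/any the switch never lists


def matched_aces(acl: PortAcl) -> list[Ace]:
    """Counted ACEs with a non-zero hit counter: the traffic this client actually sent."""
    return [a for a in acl.aces if a.counted and a.hits]


if __name__ == "__main__":
    for port, acl in parse_show_access_list_radius(SAMPLE_OUTPUT).items():
        if acl.client_mac is None:
            print(f"port {port}: no RADIUS ACL applied")
            continue
        for a in matched_aces(acl):
            print(f"port {port} client {acl.client_mac}: {a.hits} hit(s) on "
                  f"{a.action} {a.proto} to {a.dst} port {a.dport}")
```

The parser raises on any line it does not recognise rather than skipping it, so a firmware release that changes the output format fails loudly instead of silently reporting zero hits. evaluate() returns None as the index when the packet fell through to the implicit deny, which is the case the switch listing never shows.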
