Dell PowerConnect B-FCXs Configuration Manual page 1327


Configuring the RADIUS server to support dynamic IP ACLs
When a port is authenticated using multi-device port authentication, an IP ACL filter that exists in
the running-config file on the Dell PowerConnect device can be dynamically applied to the port. To
do this, you configure the Filter-ID (type 11) attribute on the RADIUS server. The Filter-ID attribute
specifies the name or number of the Dell IP ACL.
The following is the syntax for configuring the Filter-ID attribute on the RADIUS server to refer to a
Dell IP ACL.
| Value | Description |
|---|---|
| `ip.<number>.in` [1] | Applies the specified numbered ACL to the authenticated port in the inbound direction. |
| `ip.<name>.in` [1, 2] | Applies the specified named ACL to the authenticated port in the inbound direction. |

1. The ACL must be an extended ACL. Standard ACLs are not supported.
2. The `<name>` in the Filter ID attribute is case-sensitive.

The following table lists examples of values you can assign to the Filter-ID attribute on the RADIUS
server to refer to IP ACLs configured on a Dell PowerConnect device.

| Possible values for the filter ID attribute on the RADIUS server | ACLs configured on the Dell PowerConnect device |
|---|---|
| `ip.102.in` | `access-list 102 permit ip 36.0.0.0 0.255.255.255 any` |
| `ip.fdry_filter.in` | `ip access-list standard fdry_filter`<br>`permit host 36.48.0.3` |

PowerConnect B-Series FCX Configuration Guide
53-1002266-01

- The dynamic ACL must be an extended ACL. Standard ACLs are not supported.
- Multi-device port authentication and 802.1x can be used together on the same port. However, Dell does not recommend the use of multi-device port authentication and 802.1X with dynamic ACLs together on the same port. If a single supplicant requires both 802.1x and multi-device port authentication, and if both 802.1x and multi-device port authentication try to install different dynamic ACLs for the same supplicant, the supplicant will fail authentication.
- Dynamically assigned IP ACLs are subject to the same configuration restrictions as non-dynamically assigned IP ACLs. One caveat is that ports with VE interfaces cannot have assigned user-defined ACLs. For example, a user-defined ACL bound to a VE or a port on a VE is not allowed. There are no restrictions on ports that do not have VE interfaces.
- Dynamic ACL filters are supported only for the inbound direction. Dynamic outbound ACL filters are not supported.
- Dynamic ACL assignment with multi-device port authentication is not supported in conjunction with any of the following features:
  - IP source guard
  - Rate limiting
  - Protection against ICMP or TCP Denial-of-Service (DoS) attacks
  - Policy-based routing
  - 802.1X dynamic filter
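The Filter-ID rules on this page (the `ip.<number>.in` / `ip.<name>.in` syntax, extended ACLs only, inbound only, case-sensitive names) can be checked against a saved running-config before a value is entered on the RADIUS server. The following Python check is an added example, not part of the Dell guide; the function names, the `guest_acl` ACL and the sample config are constructed, and it assumes numbered ACLs 1-99 are standard and 100-199 are extended.

```python
import re

# Filter-ID syntax from the page: ip.<number>.in or ip.<name>.in
FILTER_ID = re.compile(r"^ip\.(?P<acl>\S+)\.(?P<dir>in|out)$")
NUMBERED = re.compile(r"^access-list\s+(\d+)\s")
NAMED = re.compile(r"^ip access-list\s+(standard|extended)\s+(\S+)")

# Constructed sample: the page's two ACLs plus a hypothetical extended named ACL.
SAMPLE_CONFIG = """\
access-list 102 permit ip 36.0.0.0 0.255.255.255 any
ip access-list standard fdry_filter
 permit host 36.48.0.3
ip access-list extended guest_acl
 permit ip host 36.48.0.3 any
"""


def parse_acls(running_config):
    """Map each ACL number or name to 'standard' or 'extended'."""
    acls = {}
    for line in running_config.splitlines():
        line = line.strip()
        if m := NUMBERED.match(line):
            # Assumed numbering convention: 1-99 standard, 100-199 extended.
            acls[m.group(1)] = "standard" if int(m.group(1)) < 100 else "extended"
        elif m := NAMED.match(line):
            acls[m.group(2)] = m.group(1)
    return acls


def check_filter_id(value, acls):
    """Return a list of problems; an empty list means the value is usable."""
    m = FILTER_ID.match(value)
    if not m:
        return ["does not match ip.<number>.in or ip.<name>.in"]
    if m.group("dir") != "in":
        return ["outbound dynamic ACL filters are not supported"]
    acl = m.group("acl")
    if acl not in acls:
        # Names are case-sensitive, so a case-only mismatch is still a miss.
        near = [n for n in acls if n.lower() == acl.lower()]
        hint = f" (case differs from '{near[0]}')" if near else ""
        return [f"ACL '{acl}' not in running-config{hint}"]
    if acls[acl] != "extended":
        return [f"ACL '{acl}' is standard; dynamic ACLs must be extended"]
    return []
```

Run over the sample config, `ip.102.in` and `ip.guest_acl.in` pass, while `ip.fdry_filter.in` is reported because that ACL is declared as standard.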
