Configuring And Using Radius-Assigned Access Control Lists; Introduction; Terminology - HP ProCurve 6120G/XG Manual

Configuring and Using
RADIUS-Assigned Access Control Lists

Introduction

A RADIUS-assigned ACL is configured on a RADIUS server and dynamically
assigned by the server to filter traffic entering the switch through a specific
port after the client is authenticated by the server. Note that client authenti­
cation can be enhanced by using ProCurve Manager with the optional IDM
application. (Refer to "Optional PCM and IDM Applications" on page 6-3.)
The information in this section describes how to apply RADIUS-assigned ACLs
on the switch, and assumes a general understanding of ACL structure and
operation. If you need information on ACL filtering criteria, design, and
operation, please refer to chapter 9, "IPv4 Access Control Lists (ACLs)".

Terminology

ACE: See Access Control Entry, below.
Access Control Entry (ACE): An ACE is a policy consisting of a packet-
handling action and criteria to define the packets on which to apply the
action. For RADIUS-assigned ACLs, the elements composing the ACE
include:
• permit or drop (action)
• in < ip-packet-type > from any (source)
• to < ip-address [/ mask ] | any > (destination)
• [ port-# ] (optional TCP or UDP application port numbers used when
the packet type is TCP or UDP)
ACL: See Access Control List, below.
Access Control List (ACL): A list (or set) consisting of one or more
explicitly configured Access Control Entries (ACEs) and terminating with
an implicit "deny" default which drops any IP packets that do not have a
match with any explicit ACE in the named ACL. An ACL can be "standard"
or "extended". See "Standard ACL" and "Extended ACL". Both can be
applied in any of the following ways:
• Static Port ACL: an ACL assigned to filter inbound traffic on a specific
switch port
Configuring RADIUS Server Support for Switch Services

Configuring and Using RADIUS-Assigned Access Control Lists

6-9