Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists
Introduction
A RADIUS-assigned ACL is a dynamic port ACL configured on a RADIUS
server and assigned by the server to filter traffic entering the switch through
a specific port from an authenticated client. Note that client authentication
can be enhanced by using ProCurve Manager with the optional IDM application.
(Refer to "Optional PCM and IDM Applications" on page 6-2.)
The information in this section describes how to apply RADIUS-assigned,
dynamic port ACLs on the switch, and assumes a general understanding of
ACL structure and operation. If you need information on ACL filtering criteria,
design, and operation, please refer to chapter 9, "Access Control Lists (ACLs)".
Terminology
ACE: See Access Control Entry, below.
Access Control Entry (ACE): An ACE is a policy consisting of a packet-handling
action and criteria to define the packets on which to apply the
action. For dynamic port ACLs, the elements composing the ACE include:
• permit or drop (action)
• in <ip-packet-type> from any (source)
• to <ip-address [/mask] | any> (destination)
• [port-#] (optional TCP or UDP application port numbers used when
the packet type is TCP or UDP)
ACL: See Access Control List, below.
Access Control List (ACL): A list (or set) consisting of one or more
explicitly configured Access Control Entries (ACEs) and terminating with
an implicit "deny" default which drops any IP packets that do not have a
match with any explicit ACE in the named ACL. An ACL can be "standard"
or "extended". See "Standard ACL" and "Extended ACL". Both can be
applied in any of the following ways:
• Static Port ACL: an ACL assigned to filter inbound traffic on a specific
switch port
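The ACE elements and the implicit "deny" default defined above can be exercised with a short parser and evaluator. This is an added Python example, not code from the manual or the switch software; the space-separated ACE layout, the packet-type names ip, tcp and udp, the first-match evaluation order, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed layout (constructed from the ACE elements in the terminology list):
#   <permit|drop> in <ip-packet-type> from any to <ip-address[/mask] | any> [port-#]
ACE_RE = re.compile(
    r"(permit|drop) in (ip|tcp|udp) from any to (any|[\d.]+(?:/\d+)?)(?: (\d+))?"
)

def parse_ace(text):
    """Turn one ACE string into a dict, rejecting anything malformed."""
    m = ACE_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"malformed ACE: {text!r}")
    action, ptype, dest, port = m.groups()
    if port is not None:
        # A port number is only meaningful for TCP or UDP packet types.
        if ptype == "ip" or not 0 < int(port) <= 65535:
            raise ValueError(f"invalid port in ACE: {text!r}")
        port = int(port)
    # "any" matches every destination; a bare address becomes a /32 network.
    net = None if dest == "any" else ipaddress.ip_network(dest, strict=False)
    return {"action": action, "ptype": ptype, "dest": net, "port": port}

def evaluate(acl, ptype, dst_ip, dst_port=None):
    """Return the action for an inbound packet: first matching ACE wins."""
    addr = ipaddress.ip_address(dst_ip)
    for ace in acl:
        if ace["ptype"] not in ("ip", ptype):
            continue
        if ace["dest"] is not None and addr not in ace["dest"]:
            continue
        if ace["port"] is not None and ace["port"] != dst_port:
            continue
        return ace["action"]
    return "drop"  # implicit "deny" default that terminates every ACL

# Constructed sample ACL, not taken from the manual.
SAMPLE_ACL = [parse_ace(line) for line in (
    "permit in tcp from any to 10.10.20.0/24 80",
    "drop in ip from any to 10.10.20.0/24",
    "permit in udp from any to any 53",
)]
```

Running candidate ACEs through a check like this before they are stored on the RADIUS server shows which traffic falls through to the implicit default rather than to an explicit entry.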