7-19
Configuring RADIUS Server Support for Switch Services
Configuring and Using Dynamic (RADIUS-Assigned) Access Control Lists
actual IP traffic inbound from any client on the switch carries a source MAC
address unique to that client. The RADIUS-assigned ACL uses this MAC
address to identify the traffic to be filtered.)
Effect of Multiple ACL Application Types on an Interface.
The switch
allows simultaneous use of all supported ACL application types on an inter-
face. Thus, a static ACL assigned to an interface filters authenticated client
traffic, regardless of whether a RADIUS-assigned ACL is also filtering the
client’s traffic. For more information, refer to “Multiple ACLs on an Interface”
on page 10-19.
General ACL Features, Planning, and Configuration
These steps suggest a process for using RADIUS-assigned ACLs to establish
access policies for client IP traffic.
1.
Determine the polices you want to enforce for authenticated client traffic
inbound on the switch.
2.
Plan ACLs to execute traffic policies:
•
Apply ACLs on a per-client basis where individual clients need differ-
ent traffic policies or where each client must have a different user-
name/password pair or will authenticate using MAC authentication.
•
Apply ACLs on a client group basis where all clients in a given group
can use the same traffic policy and the same username/password pair.
3.
Configure the ACLs on a RADIUS server accessible to the intended clients.
4.
Configure the switch to use the desired RADIUS server and to support the
desired client authentication scheme. Options include 802.1X, Web
authentication, or MAC authentication. (Note that the switch supports the
option of simultaneously using 802.1X with either Web or MAC authenti-
cation.)
5.
Test client access on the network to ensure that your RADIUS-assigned
ACL application is properly enforcing your policies.
For further information common to all IPv4 or IPv6 ACL applications, refer to
the latest versions of the following manuals for your switch:
Chapter Title
Manual
IPv4 Access Control Lists
Access Security Guide
IPv6 Access Control Lists
IPv6 Configuration Guide
Содержание E3800 Series
Страница 1: ...HP Switch Software E3800 switches Software version KA 15 03 September 2011 Access Security Guide ...
Страница 2: ......
Страница 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Страница 30: ...xxviii ...
Страница 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Страница 186: ...4 72 Web and MAC Authentication Client Status ...
Страница 290: ...6 74 RADIUS Authentication Authorization and Accounting Dynamic Removal of Authentication Limits ...
Страница 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Страница 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Страница 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Страница 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Страница 659: ...14 11 Configuring and Monitoring Port Security Port Security Figure 14 5 Examples of Show Mac Address Outputs ...
Страница 730: ...20 Index ...
Страница 731: ......