10-19
IPv4 Access Control Lists (ACLs)
Overview
■ For 802.1X or MAC authentication methods, clients can authenticate regardless of their IP version (IPv4 or IPv6).
■ For the Web authentication method, clients must authenticate using IPv4. However, this does not prevent the client from using a dual stack, or the port receiving a RADIUS-assigned ACL configured with ACEs to filter IPv6 traffic.
■ The RADIUS server must support IPv4 and have an IPv4 address. (RADIUS clients can be dual stack, IPv6 only, or IPv4 only.)
■ 802.1X rules for client access apply to both IPv6 and IPv4 clients for RADIUS-assigned ACLs. Refer to “802.1X User-Based and Port-Based Applications” on page 10-18.
Multiple ACLs on an Interface
The switch allows multiple ACL applications on an interface (subject to
internal resource availability). This means that a port belonging to a given
VLAN “X” can simultaneously be subject to all of the following:
Table 10-1. Per-Interface Multiple ACL Assignments

ACL Type: Dynamic (RADIUS-Assigned) ACLs
ACL Application:
■ one port-based ACL (for first client to authenticate on the port) or up to 32 user-based ACLs (one per authenticated client)
Note: If one or more user-based, dynamic ACLs are assigned to a port, then the only traffic allowed inbound on the port is from authenticated clients.

ACL Type: IPv6 Static ACLs
ACL Application:
■ One static VACL for IPv6 traffic for VLAN “X” entering the switch through the port.
■ One static port ACL for IPv6 traffic entering the switch on the port.

ACL Type: IPv4 Static ACLs
ACL Application:
■ one static VACL for IPv4 traffic for VLAN “X” entering the switch through the port
■ one static port ACL for any IPv4 traffic entering the switch on the port
■ one connection-rate ACL for inbound IPv4 traffic for VLAN “X” on the port (if the port is configured for connection-rate filtering) (Refer to chapter 3, “Virus Throttling”.)
■ one inbound and one outbound RACL filtering routed IPv4 traffic moving through the port for VLAN “X”. (Also applies to inbound, switched traffic on VLAN “X” that has a destination on the switch itself.)
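The per-port maximums in Table 10-1 can be checked against a planned set of ACL assignments before deployment. The following is an added example, not part of the HP guide or the switch software: the type labels, function name and sample plans are constructed for illustration, and it assumes the "or" in the dynamic ACL row means port-based and user-based ACLs are alternatives.

```python
from collections import Counter

# Per-port maximums from Table 10-1. The type labels are this example's own
# names, not switch keywords. Internal resource availability is not modelled.
LIMITS = {
    "dynamic-port-based": 1,    # for first client to authenticate on the port
    "dynamic-user-based": 32,   # one per authenticated client
    "ipv6-vacl": 1,
    "ipv6-port": 1,
    "ipv4-vacl": 1,
    "ipv4-port": 1,
    "ipv4-connection-rate": 1,  # only if connection-rate filtering is configured
    "ipv4-racl-in": 1,
    "ipv4-racl-out": 1,
}

def audit_port(assignments):
    """Check (acl_type, acl_name) pairs planned for one port in VLAN X.
    Returns (errors, notes): limit violations and operational reminders."""
    errors, notes = [], []
    counts = Counter(acl_type for acl_type, _ in assignments)
    for acl_type, n in sorted(counts.items()):
        limit = LIMITS.get(acl_type)
        if limit is None:
            errors.append(f"unknown ACL type: {acl_type}")
        elif n > limit:
            errors.append(f"{acl_type}: {n} assigned, limit is {limit}")
    # Assumption: the table's "or" is read as exclusive.
    if counts["dynamic-port-based"] and counts["dynamic-user-based"]:
        errors.append("dynamic ACLs: port-based and user-based are alternatives")
    # Note under Table 10-1: user-based dynamic ACLs restrict inbound traffic.
    if counts["dynamic-user-based"]:
        notes.append("user-based dynamic ACL present: inbound traffic is "
                     "allowed only from authenticated clients")
    return errors, notes

# Constructed sample plans for a single port.
PLAN_OK = [("dynamic-user-based", "client-a"), ("dynamic-user-based", "client-b"),
           ("ipv4-vacl", "v4-vlan"), ("ipv4-port", "v4-port"),
           ("ipv4-racl-in", "r-in"), ("ipv4-racl-out", "r-out"),
           ("ipv6-vacl", "v6-vlan")]
PLAN_BAD = [("dynamic-port-based", "pb"), ("dynamic-user-based", "ub"),
            ("ipv4-port", "a"), ("ipv4-port", "b")]

if __name__ == "__main__":
    for name, plan in (("PLAN_OK", PLAN_OK), ("PLAN_BAD", PLAN_BAD)):
        errors, notes = audit_port(plan)
        print(name, "errors:", errors, "notes:", notes)
```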