24 DYNAMICALLY APPLY ACL BY RADIUS SERVER CONFIGURATION
Introduction to Dynamically Apply ACL by RADIUS Server
The switch can dynamically apply pre-defined ACL rules to one authenticated user or to a group of authenticated users by combining the Dynamically Apply ACL by RADIUS Server function with the 802.1x authentication function.
After you pass 802.1x authentication, the switch dynamically issues the corresponding ACLs to your login port according to the matching relationship between the user name and the ACL configured on the RADIUS server.
The Dynamically Apply ACL by RADIUS Server function of the switch can restrict the resources that 802.1x users can access, such as the destination networks.
Introduction to Dynamically Apply ACL by RADIUS Server Configurations
Figure 148 Dynamically Apply ACL by RADIUS Server Configurations
Table 590 describes the Dynamically Apply ACL by RADIUS Server configurations:

Table 590 Configuring Dynamically Apply ACL by RADIUS Server

| Device | Configuration | Configuration link |
|---|---|---|
| RADIUS server | Configure user authentication information | - |
| RADIUS server | Configure the matching relationship between ACL number and the user name | One ACL can match more than one user |
| Switch | Enable the 802.1x authentication function: the global 802.1x authentication function is enabled, and the 802.1x authentication function is enabled on the user access port | Refer to the 10-Security Operation module in this manual for the related configuration procedure |
| Switch | Configure AAA and RADIUS: configure the RADIUS scheme; configure the domain and specify the RADIUS scheme used by the domain | Refer to the 10-Security Operation module in this manual for the related configuration procedure |
| Switch | Configure ACL: the ACLs are pre-defined according to the restriction requirements of the user | Refer to the 07-QACL Operation module in this manual for the related configuration procedure |
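
The cross-check below is an added example, not part of the manual: it audits that every ACL number the RADIUS server assigns to a user name is actually pre-defined on the switch, and groups users that share one ACL. It assumes the server returns the ACL number in the Filter-Id reply attribute (the manual does not name the attribute) and that ACLs appear in the switch configuration as "acl number N"; both input excerpts are constructed samples.

```python
import re

# Constructed sample: simplified FreeRADIUS-style "users" entries.
# Assumption: the ACL number is carried in the Filter-Id reply attribute.
RADIUS_USERS = '''\
alice   Cleartext-Password := "placeholder"
        Filter-Id = "3000"
bob     Cleartext-Password := "placeholder"
        Filter-Id = "3000"
carol   Cleartext-Password := "placeholder"
        Filter-Id = "3005"
dave    Cleartext-Password := "placeholder"
'''

# Constructed sample: switch configuration excerpt with pre-defined ACLs.
SWITCH_CONFIG = '''\
acl number 3000
 rule 0 permit ip destination 10.1.0.0 0.0.255.255
 rule 1 deny ip
acl number 3001
 rule 0 deny ip
'''

def parse_radius_users(text):
    """Return {user_name: ACL number, or None if no Filter-Id is set}."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # entry starts at column 0
            current = line.split()[0]
            users[current] = None
        elif current:                      # indented reply attribute
            m = re.match(r'\s+Filter-Id\s*[:+]?=\s*"?(\d+)"?', line)
            if m:
                users[current] = int(m.group(1))
    return users

def parse_switch_acls(text):
    """Return the set of ACL numbers defined in the switch configuration."""
    return {int(n) for n in re.findall(r"^acl number (\d+)", text, re.M)}

def audit(users, defined):
    """Compare the RADIUS user-to-ACL mapping with the ACLs on the switch."""
    by_acl = {}
    for user, acl in users.items():
        by_acl.setdefault(acl, []).append(user)
    return {
        "no_acl": sorted(by_acl.pop(None, [])),   # users with no ACL mapped
        "missing_on_switch": {a: sorted(u) for a, u in by_acl.items() if a not in defined},
        "unused_on_switch": sorted(defined - set(by_acl)),
        "groups": {a: sorted(u) for a, u in by_acl.items() if a in defined},
    }

if __name__ == "__main__":
    print(audit(parse_radius_users(RADIUS_USERS), parse_switch_acls(SWITCH_CONFIG)))
```

Entries under "missing_on_switch" and "no_acl" are the ones to resolve before relying on the dynamic ACL to restrict those users.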
[Figure 148 diagram labels: AAA Server, Switch, User, Network]