Security ACL Configuration Scenario 411
4To ma p acl-99 to port 6 to filter incoming packets, type the following
command:
WX1200# set security acl map acl-99 port 6 in
mapping configuration accepted
Because every security ACL includes an implicit rule denying all traffic that
is not permitted, port 6 now accepts packets only from 192.168.1.1, and
denies all other packets.
5To ma p acl-99 to user Natasha’s sessions when you are using the local WX
database for authentication, configure Natasha in the database with the
Filter-Id attribute. Type the following commands:
WX1200# set authentication dot1x Natasha local
success: change accepted.
WX1200# set user natasha attr filter-id acl-99.in
success: change accepted.
6Alternatively, you can map acl-99 to Natasha’s sessions when you are
using a remote RADIUS server for authentication. To configure Natasha
for pass-through authentication to the RADIUS server shorebirds, type the
following command:
WX1200# set authentication dot1x Natasha pass-through
shorebirds
success: change accepted.
You must then map the security ACL to Natasha’s session in RADIUS. For
instructions, see the documentation for your RADIUS server.
7To save your configuration, type the following command:
WX1200# save config
success: configuration saved.