Dell 6200 SERIES manual Authentication Server Filter Assignment, Access Control Lists ACLs, 111

Models: 6200 SERIES

1 176
Download 176 pages 5.47 Kb
Page 111
Image 111

Authentication Server Filter Assignment

The PowerConnect 6200 Series switches allow the external 802.1X Authenticator or RADIUS server to assign DiffServ policies to users that authenticate to the switch. When a host (supplicant) attempts to connect to the network through a port, the switch contacts the 802.1X authenticator or RADIUS server, which then provides information to the switch about which DiffServ policy to assign the host (supplicant). The application of the policy is applied to the host after the authentication process has completed.

To enable filter assignment by an external server, the following conditions must be true:

1The port that the host is connected to must be enabled for MAC-based port access control by using the following command in Interface Config mode:

dot1x port-control mac-based

2The RADIUS or 802.1X server must specify the policy to assign.

For example, if the DiffServ policy to assign is named internet_access, include the following attribute in the RADIUS or 802.1X server configuration:

Filter-id = “internet_access”

3The DiffServ policy specified in the attribute must already be configured on the switch, and the policy names must be identical.

For information about configuring a DiffServ policy, see "Differentiated Services" on page 143. The section, "Example #1: DiffServ Inbound Configuration" on page 144," describes how to configure a policy named internet_access.

NOTE: If the policy specified within the server attribute does not exist on the switch, authentication will fail.

Access Control Lists (ACLs)

This section describes the Access Control Lists (ACLs) feature.

Overview

Access Control Lists (ACLs) are a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources.

ACLs can also provide traffic flow control, restrict contents of routing updates, and decide which types of traffic are forwarded or blocked. Normally ACLs reside in a firewall router or in a router connecting two internal networks.

The PowerConnect 6200 Series switch supports ACL configuration in both the ingress and egress direction. Egress ACLs provide the capability to implement security rules on the egress flows rather than the ingress flows. Ingress and egress ACLs can be applied to any physical port (including 10G), or port- channel, or VLAN routing port.

Device Security

111

Page 111
Image 111
Dell 6200 SERIES manual Authentication Server Filter Assignment, Access Control Lists ACLs, 111