Enhancements
Release M.10.02 Enhancements
■An ACL must be configured on the RADIUS server (instead of the switch) by creating and assigning one or more Access Control Entries to the username/password pair or MAC address of the client for which you want ACL support.
■Where 802.1X is used for client authentication, then either the client device must be running 802.1X supplicant software or the capability must exist for the client to download this software from the network through use of the 802.1X Open VLAN mode available on the switch. (If authentication is achieved through Web or MAC Authentication, then 802.1X supplicant software is not required.)
A
This feature is designed to accept dynamic configuration of a
This feature enhances network and switch management access security by permitting or denying authenticated client access to specific network resources and to the switch management interface. This includes preventing clients from using TCP or UDP applications (such as Telnet, SSH, Web browser, and SNMP) if you do not want their access privileges to include these capabilities.
Note
A
ACLs enhance network security by blocking selected IP traffic, and can serve as one aspect of network security. However, because ACLs do not protect from malicious manipulation of data carried in IP packet transmissions, they should not be relied upon for a complete edge security solution.
The ACLs described in this section do not screen
Table 4, highlights several key differences between the static ACLs configurable on 3400cl switch ports and the dynamic ACLs that can be assigned to individual ports by a RADIUS server. (The switch supports either one
46