Enhancements
Release M.10.02 Enhancements
packet (from the authenticated client) that is not explicitly permitted or denied by other ACEs configured sequentially earlier in the ACL. Unless otherwise noted, “implicit deny IP any” refers to the “deny” action enforced by both standard and extended ACLs.
Inbound Traffic: For the purpose of defining where the switch applies ACLs to filter traffic, inbound traffic is any IP packet that enters the switch from a given client on a given port.
NAS (Network Attached Server): In this context, refers to a ProCurve switch configured for RADIUS operation.
Permit: An ACE configured with this action allows the switch to forward an inbound packet for which there is a match within an applicable ACL.
Permit Any Any: An abbreviated form of permit in ip from any to any, which permits any inbound IP traffic from the authenticated source to any destination. Inbound traffic from any other sources is denied. (Inbound traffic from a client other than the client whose authentication caused the ACL assignment will be denied.)
VSA
Wildcard: The part of a mask that indicates the bits in a packet’s IP addressing that do not need to match the corresponding bits specified in an ACL. See also ACL Mask on page 48.
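The terms above (sequential ACEs, wildcard, permit any any, implicit deny IP any) can be seen working together in the following added example, which is a simplified model and not code or syntax from the switch or this manual. The function names, the tuple layout for an ACE, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # wildcard of all ones: no bit has to match

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match
    return (a & care) == (b & care)

def evaluate(acl, auth_client, pkt_src, pkt_dst):
    """Return (action, ace_index); ace_index is None when no ACE was matched."""
    # The ACL applies only to the client whose authentication assigned it.
    if pkt_src != auth_client:
        return ("deny", None)
    for i, (action, (base, wildcard)) in enumerate(acl):
        if wildcard_match(pkt_dst, base, wildcard):
            return (action, i)      # first match wins; later ACEs are not read
    return ("deny", None)           # implicit deny IP any

# Constructed sample data (not taken from the manual).
CLIENT = "10.10.10.25"
SAMPLE_ACL = [
    ("deny",   ("10.10.20.0", "0.0.0.255")),    # one /24-sized range
    ("permit", ("10.10.0.0",  "0.0.255.255")),  # the enclosing range
]
PERMIT_ANY_ANY = [("permit", ANY)]

if __name__ == "__main__":
    for dst in ("10.10.20.5", "10.10.30.5", "192.168.1.1"):
        print(dst, evaluate(SAMPLE_ACL, CLIENT, CLIENT, dst))
    print("other client",
          evaluate(PERMIT_ANY_ANY, CLIENT, "10.10.10.99", "10.10.30.5"))
```

Swapping the two entries in SAMPLE_ACL makes the deny entry unreachable, which is why the order of ACEs matters when reviewing an ACL.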
Caution Regarding the Use of Source Routing
Source routing is enabled by default on the switch and can be used to override ACLs. For this reason, if you are using ACLs to enhance network security, the recommended action is to use the no ip source-route command to disable source routing on the switch. (If source routing is disabled in the running-config file, the show running command includes “no ip
An ACL is a list of one or more Access Control Entries (ACEs), where each ACE consists of matching criteria and an action (permit or deny). These ACEs are designed to control the network access privileges of an authenticated client. A
How a RADIUS Server Applies a