Enhancements
Release M.10.02 Enhancements
Limits forTable 5 describes limits the switch supports in ACLs applied by a RADIUS server. Exceeding a limit causes the related client authentication to fail.
Table 5. Limits Affecting
Item | Limit | Notes |
|
Maximum Number of | 1 | One | |
Authenticated Client |
| client is already using a | |
Sessions |
| requiring a | |
| attempt by the second client will fail. |
| |
|
|
| |
Maximum Number of | Up to | Depending on how a | |
(internal) ACEs | 120* | internal ACEs. A | |
and Maximum Number of |
| numbers uses one internal ACE. However, an ACE that includes TCP or UDP port | |
(internal) ACEs |
| numbers uses one or more internal ACE resources, depending on the port number | |
|
| groupings. A single TCP or UDP port number or a series of contiguous port | |
|
| numbers comprise one group. For example, “80” and | |
|
| group. “135, | |
|
| examples illustrate how the switch applies internal ACE usage. |
|
|
| Examples of Single and Multiple (Internal) ACEs | Internal |
|
|
| ACEs |
|
| deny in ip from any to any | 1 |
|
| deny in tcp from any to any | 1 |
|
| deny in tcp from any to any 80 | 1 |
|
| permit in tcp from any to any 135, | 3 |
|
| permit in tcp from any to any | 6 |
|
| permit in tcp from any to any | 2 |
*Uses shared internal resources, which can affect the
Maximum Number of | 80 — |
Characters in an ACE |
|
Maximum Number of (optional) Internal Counters Used
32Depending on how an ACE is formed, using the cnt (counter) option consumes one or more internal counters. Using a counter in an ACE that does not specify TCP or UDP port numbers uses one counter. Using a counter in an ACE that includes TCP or UDP port numbers uses one or more counters, depending on the port number groupings. A single TCP or UDP port number or a series of contig- uous port numbers comprise one group. For example, “80” and
Examples of ACE Usage of Internal Counters | Counters |
deny in ip from any to any cnt | 1 |
deny in tcp from any to any cnt | 1 |
deny in tcp from any to any 80 cnt | 1 |
permit in tcp from any to any 135, | 3 |
permit in tcp from any to any | 6 |
permit in tcp from any to any | 2 |
57