Enhancements

Release M.10.02 Enhancements

Item

Limit Notes

Per-Port Mask Usage

ACLs consume per-port (internal) mask resources rapidly and can be affected by

 

IGMP usage on the same switch. For more on this topic, refer to the “ACL

 

Resource Usage and Monitoring” and “Extended ACLs” subsections in the

 

chapter titled “Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl

 

Switches” of the Advanced Traffic Management Guide for your 3400cl switch.

 

 

Configuring an ACL in a RADIUS Server

This section provides general guidelines for configuring a RADIUS server to specify RADIUS-based ACLs. Also included is an example configuration for a FreeRADIUS server application. However, to configure support for these services on a specific RADIUS server application, please refer to the documentation provided with the application.

Elements in a RADIUS-Based ACL Configuration. A RADIUS-based ACL configuration in a RADIUS server has the following elements:

vendor and ACL identifiers:

ProCurve (HP) Vendor-Specific ID: 11

Vendor-Specific Attribute for ACLs: 61 (string = HP-IP-FILTER-RAW)

Setting: HP-IP-FILTER-RAW = < “permit” or “deny” ACE >

(Note that the “string” value and the “Setting” specifier are identical.)

ACL configuration, including:

one or more explicit “permit” and/or “deny” ACEs created by the system operator

implicit deny in ip from any to any ACE automatically active after the last operator-created

ACE

ACEs define the ACL for a given client:

A given ACE configuration on a RADIUS server includes the identity of the client to which it applies. That is, the ACE includes the client username/password pair or the client device’s MAC address.

All ACEs configured on a RADIUS server for the same client are interpreted as belonging to the same ACL. (There is no ACL name or number configured on the RADIUS server.)

Example of Configuring a RADIUS-based ACL Using the FreeRADIUS Application. This example illustrates one method for configuring RADIUS-based ACL support for two different client identification methods (username/password and MAC address). For information on how to configure this functionality on other RADIUS server types, refer to the documentation provided with the server.

1.Enter the HP vendor-specific ID and the ACL VSA in the FreeRADIUS dictionary file:

58

Page 68
Image 68
HP 3400CL-24G manual Configuring an ACL in a Radius Server, Limit Notes