HP 3400CL-24G 70

Enhancements

Release M.10.02 Enhancements

Client’s Username (802.1X or Web Authentication)

Client’s Password (802.1X or Web Authentication)

mobile011 Auth-Type:= Local, User-Password == run101112 HP-IP-FILTER-RAW = “permit in tcp from any to 10.10.10.101”,

HP-IP-FILTER-RAW += “deny in tcp from any to any”, HP-IP-FILTER-RAW += “permit in ip from any to any”

Client’s Username (MAC Authentication)			Client’s Password ((MAC Authentication)ti ti )

08E99C4F0019 Auth-Type:= Local, User-Password == 08E99C4F0019 HP-IP-FILTER-RAW = “permit in tcp from any to 10.10.10.101”,

HP-IP-FILTER-RAW += “deny in tcp from any to any”, HP-IP-FILTER-RAW += “permit in ip from any to any”

Note that when the client MAC address is used for authentication, this address is used in both the username and password spaces in the entry.

Figure 8. Example of Configuring the FreeRADIUS Server To Support ACLs for the Indicated Clients

Format Details for ACEs Configured in a RADIUS-Based ACL.

Any instance of a RADIUS-Based ACL is structured to filter authenticated client traffic as follows:

■Applies only to inbound client traffic on the switch port the authenticated client is using.

■Allows only the “any” source address (for any authenticated IP device connected to the port).

■Applies to all IP traffic from the authenticated client or to a specific type of IP traffic type from the client. Options include TCP, UDP, or any other type of IP traffic that is identified by an IP protocol number. (More information on protocol numbers is provided in the following ACL syntax description.)

■Has one of the following destination types:

•A specific IP address

•A contiguous series of IP address or an entire subnet

•Any IP address

■Where the traffic type is either TCP or UDP, the ACE can optionally include one or more TCP or UDP port numbers.

60

Contents

Release Notes: Version M.10.72 Software Release Notes: Page Contents Page Page Page Page Page Page Page Software Management Software Updates Download Switch Documentation and Software from the Web Downloading Software to the Switch TFTP Download from a Server Xmodem Download From a PC or Unix Workstation Page Saving Configurations While Using the CLI Install Recommendations for I.08.12 Boot ROM Update ProCurve Switch, Routing Switch, and Router Software Keys Page Minimum Software Versions for Series 3400cl Switch Features OS/Web/Java Compatibility Table Enforcing Switch Security Switch Management Access Security Local Manager Password Inbound Telnet Access and Web Browser Access Secure File Transfers SNMP Access (Simple Network Management Protocol) Physical Access to the Switch Other Provisions for Management Access Security Network Access Security Secure Shell (SSH) Secure Socket Layer (SSLv3/TLSv1) Traffic/Security Filters 802.1X Access Control Port Security, MAC Lockdown, MAC Lockout, and IP Lockdown Key Management System (KMS) Connection-RateFiltering Based On Virus-ThrottlingTechnology Identity-DrivenManagement (IDM) Clarifications and Updates Operating Notes for Jumbo Traffic-Handling Non-Genuine Mini-GBICDetection and Protection Initiative Publication Updates IGMP Command Update General Switch Traffic Security Guideline The Management VLAN IP Address Interoperating with 802.1s Multiple Spanning-Tree Rate-Limiting Known Issues Enhancements Release M.08.69 Enhancements Release M.08.70 through M.08.72 Enhancements Release M.08.73 Enhancements Release M.08.74 through M.08.77 Enhancements Release M.08.78 Enhancements Release M.08.79 Enhancements Release M.08.80 through M.08.83 Enhancements Release M.08.84 Enhancements Release M.08.85 through M.08.88 Enhancements Release M.08.89 Enhancements Page Page Page Page Page Page Using SNMP To View and Configure Switch Authentication Features Page Page Releases M.08.90 and M.08.91 Enhancements QoS Pass-ThroughMode Page Page Release M.08.94 Enhancements Page UDP Broadcast Forwarding Releases M.08.95 through M.10.01 Enhancements Release M.08.96 Enhancements Releases M.08.97 through M.10.01 Enhancements Release M.10.02 Enhancements RADIUS-AssignedAccess Control Lists (ACLs) Page Page Terminology General Operation The Packet-filteringProcess Page Page Page General Steps Determining Traffic Policies Planning the ACLs Needed To Enforce Traffic Policies Operating Rules for RADIUS-BasedACLs Limits for RADIUS-BasedACLs, Associated ACEs, and Counters Configuring an ACL in a RADIUS Server Page Page Page Configuring the Switch To Support RADIUS-BasedACLs Page Displaying the Current RADIUS-BasedACL Activity on the Switch Page Event Log Messages Causes of Client Deauthentication Immediately After Authenticating SFlow Show Commands Page Release M.10.04 Enhancements Page Page Page Page TCP/UDP Port Closure Page Spanning Tree Show Commands Page Release M.10.05 Enhancements Release M.10.06 Enhancements Release M.10.07 Enhancements Release M.10.08 Enhancements Release M.10.09 Enhancements Page Configuration Considerations Configuring UDLD Page Viewing UDLD Information Page Page Configuration Warnings and Event Log Messages Release M.10.10 Enhancements Spanning Tree Per-PortBPDU Filtering Viewing Status of BPDU Filtering Viewing Configuration of BPDU Filtering Releases M.10.11 through M.10.12 Enhancements Release M.10.13 Enhancements Releases M.10.14 through M.10.16 Enhancements Release M.10.17 Enhancements Terminology Configuring STP BPDU Protection Viewing BPDU Protection Status Release M.10.21 Enhancements Release M.10.22 Enhancements Page Release M.10.23 Enhancements Release M.10.24 Enhancements Release M.10.25 Enhancements Release M.10.26 Enhancements Release M.10.27 Enhancements Page Release M.10.28 Enhancements Release M.10.29 Enhancements Release M.10.30 Enhancements Release M.10.31 Enhancements Release M.10.32 Enhancements Release M.10.33 Enhancements Page Example of Untagged VLAN Assignment in a RADIUS-BasedAuthentication Session Page Page Enabling the Use of GVRP-LearnedDynamic VLANs in Authentication Sessions Release M.10.34 Enhancements Release M.10.35 Enhancements Page Page Page Page Page Release M.10.36 Enhancements Release M.10.37 Enhancements Configuring MSTP Port Connectivity Parameters Page Release M.10.38 Enhancements Send SNMP v2c Informs Release M.10.39 Enhancements RADIUS Server Unavailable Page Page ARP Age Timer Increase Page Release M.10.40 Enhancements Release M.10.41 Enhancements Release M.10.42 Enhancements Release M.10.43 Enhancements Page Page Page Page Potential Issues with Bindings Adding a Static Binding Page Page Release M.10.44 through M.10.64 Enhancements Release M.10.65 Enhancements Page Page Page Release M.10.66 Enhancements Page Page Release M.10.67 Enhancements Release M.10.68 Enhancements Release M.10.69 Enhancements Release M.10.70 Enhancements Release M.10.71 Enhancements Release M.10.72 Enhancements Software Fixes in Release M.08.51 - M.10.72 Release M.08.52 Release M.08.53 (Never Released) Release M.08.54 Release M.08.55 - Release M.08.60 Page Release M.08.62 Release M.08.63 Release M.08.64 Release M.08.65 Release M.08.66 Release M.08.67 Release M.08.68 Release M.08.69 Release M.08.70 Release M.08.71 Release M.08.72 Release M.08.73 Release M.08.74 Release M.08.75 Release M.08.76 Release M.08.77 Release M.08.78 Release M.08.79 Release M.08.80 Release M.08.81 Release M.08.82 Release M.08.83 Release M.08.84 Release M.08.85 Release M.08.86 Release M.08.87 Release M.08.88 Release M.08.89 Release M.08.90 Release M.08.91 Release M.08.92 Release M.08.93 Release M.08.94 Release M.08.95 Release M.08.96 Release M.08.97 Release M.10.01 Release M.10.02 Release M.10.03 Release M.10.04 Release M.10.05 Release M.10.06 Release M.10.07 Release M.10.08 Release M.10.09 Release M.10.10 Release M.10.11 Release M.10.12 Release M.10.13 Release M.10.14 Release M.10.15 Release M.10.16 Release M.10.17 Release M.10.18 - Release M.10.19 Release M.10.20 Release M.10.21 Release M.10.22 Release M.10.23 Release M.10.24 Release M.10.25 Release M.10.26 Release M.10.27 Release M.10.28 Release M.10.29 Release M.10.30 Release M.10.31 Release M.10.32 Release M.10.33 Release M.10.34 Release M.10.35 Release M.10.36 Release M.10.37 Release M.10.38 Release M.10.39 Release M.10.40 Release M.10.41 Release M.10.42 Release M.10.43 Release M.10.44 Release M.10.45 Release M.10.46 Release M.10.47 Release M.10.48 Release M.10.49 Release M.10.50 through M.10.64 Release M.10.65 Release M.10.66 Release M.10.67 Release M.10.68 Release M.10.69 Release M.10.70 Page Release M.10.71 Release M.10.72