Administrator Guide

cam-acl {default | l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number
l2pt number ipmacacl number vman-qos | vman-dual-qos number ecfmacl number nlbcluster
number ipv4pbr number openflow number | fcoe number iscsioptacl number [vrfv4acl number]
radius-v4acl number
The maximum number of ACL entries supported is 1024.
To verify the CAM allocated for RADIUS-assigned DACLs, use the show cam-acl command.
DellEMC#show cam-acl
-- Chassis Cam ACL --
Current Settings(in block sizes)
1 block = 256 entries
L2Acl : 2
Ipv4Acl : 4
Ipv6Acl : 2
Ipv4Qos : 2
L2Qos : 1
L2PT : 0
IpMacAcl : 0
VmanQos : 0
EcfmAcl : 0
iscsiOptAcl : 0
ipv4pbr : 0
vrfv4Acl : 0
Openflow : 0
fedgovacl : 0
nlbclusteracl : 0
radiusv4acl : 2
Configure RADIUS-assigned DACL
The switch assigns a RADIUS-assigned DACL to a port or user regardless of any statically configured ACLs on a port or VLAN to
which the port is assigned.
The NAS applies RADIUS-assigned DACLs in two ways:
1. RADIUS NAS-Filter-Rule attribute - The RADIUS server pushes the defined DACLs when a supplicant is authenticated.
The ACLs are not pre-provisioned in the NAS.
2. RADIUS filter-ID attribute - The RADIUS server names an ACL that is already configured in the NAS and sends that filter
name for the NAS to apply to the supplicant. For the filter-ID attribute to work, the switch or NAS must have the ACLs
pre-configured before the supplicants connect to the NAS.
NOTE:
The system displays an error when both the filter-ID and RADIUS NAS-Filter-Rule attributes are sent in the same RADIUS
Access-Accept frame.
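The following is an added example, not part of the Dell EMC guide: a Python pre-deployment check that converts the block counts from show cam-acl into entries and flags a planned Access-Accept that carries both attributes or more rules than the radiusv4acl region holds. The function names, the attribute value strings, and the one-CAM-entry-per-rule accounting are assumptions.

```python
import re

# Constructed sample: the "show cam-acl" output shown above, trimmed to three regions.
SAMPLE_CAM_OUTPUT = """\
-- Chassis Cam ACL --
Current Settings(in block sizes)
1 block = 256 entries
L2Acl : 2
Ipv4Acl : 4
radiusv4acl : 2
"""

MAX_ACL_ENTRIES = 1024  # maximum stated in this guide, used here as a ceiling


def parse_cam_acl(text):
    """Return {region: entries} computed from the block counts in the output."""
    m = re.search(r"1 block = (\d+) entries", text)
    if not m:
        raise ValueError("block size line not found")
    block_size = int(m.group(1))
    regions = {}
    for line in text.splitlines():
        row = re.fullmatch(r"\s*(\w+)\s*:\s*(\d+)\s*", line)
        if row:
            regions[row.group(1).lower()] = int(row.group(2)) * block_size
    return regions


def check_access_accept(attrs, cam_entries):
    """attrs: list of (attribute name, value) pairs planned for one Access-Accept.
    Assumption: each NAS-Filter-Rule value consumes one radiusv4acl CAM entry."""
    problems = []
    names = {name.lower() for name, _ in attrs}
    rules = [v for name, v in attrs if name.lower() == "nas-filter-rule"]
    # The guide states the system reports an error when both attributes arrive together.
    if "filter-id" in names and rules:
        problems.append("Filter-Id and NAS-Filter-Rule in the same Access-Accept")
    limit = min(cam_entries.get("radiusv4acl", 0), MAX_ACL_ENTRIES)
    if len(rules) > limit:
        problems.append(f"{len(rules)} rules exceed {limit} available entries")
    return problems
```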
RADIUS NAS-Filter-Rule attribute
The switch or NAS saves the RADIUS-assigned DACL rules under a filter name derived from the supplicant MAC addresses. The
NAS dynamically generates a filter for the rules downloaded through the RADIUS NAS-Filter-Rule attribute. The names of the
downloaded filter rules have a prefix __Rad followed by the supplicant MAC addresses.
The RADIUS NAS-Filter-Rule attribute indicates the filter rules to be applied for a specific supplicant. The RADIUS server
includes the RADIUS NAS-Filter-Rule attribute in the Access-Accept frame sent to the switch.
Dell EMC Networking OS supports only certain filters when configuring the ACLs in the RADIUS server.
Supported filters in RADIUS-assigned DACLs are:
L3 protocol number
Source IP address
Destination IP address
TCP and UDP port numbers
DSCP
ECN