Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series
721722723724725726727728729730
ICMP type
Fragments
Radius-assigned DACLs have a unique name based on the supplicant MAC address.
The ACLs downloaded from the RADIUS server must match the syntax of Dell EMC Networking OS. The system discards any
rule that does not match the syntax. For more information about ACL configuration, see Dell EMC Configuration Guide and Dell
EMC Command Line Reference Guide .
NOTE: Do not modify the downloaded RADIUS-assigned DACLs using the OS9 CLI as they are generated dynamically from
the RADIUS server.
NOTE: Any change in the filter such as adding a new filter rule and removing a filter rule take effect only after re-
authentication of the supplicant.
To view the RADIUS-assigned DACL, use show ip accounting access-list or show dot1x interface commands.
show ip accounting access-list output:
DellEMC#show ip accounting access-list
!
Extended Ingress IP access list test on GigabitEthernet 1/1
Total cam count 15
seq 5 permit ip host 1.1.1.1 host 2.2.2.2
seq 6 permit ip host 4.4.4.4 host 5.5.5.5
seq 12 deny ip host 1.1.1.1 host 2.2.2.2
seq 17 permit ip host 100.0.0.1 host 150.0.0.100 count (0 packets)
seq 22 deny ip host 100.0.0.1 host 200.0.0.100 count (0 packets)
seq 27 deny ip any any count (0 packets)
seq 32 permit tcp 1.1.1.1 1.1.1.1 eq 65535 2.2.2.2 2.2.2.2 eq 65535 monitor no-drop
order 254
seq 37 permit ip host 1.1.1.1 host 2.2.2.2 dscp 63 ecn 3 fragments log monitor no-
drop order 254
seq 42 permit ip any host 150.0.0.100 dscp 63 ecn 3
seq 47 permit ip 100.0.0.0/28 200.0.0.0/23
seq 52 permit ip 100.0.0.0/16 any
seq 57 permit icmp host 1.1.1.1 200.0.0.0/23
seq 62 permit icmp any 200.0.0.0/27
seq 67 permit icmp host 1.1.1.1 any
seq 72 permit udp 1.1.1.1 1.1.1.1 eq 65535 2.2.2.2 2.2.2.2 eq 65535
!
Extended Ingress IP access list __Rad1_64883d1000 on GigabitEthernet 1/1(Radius-ACL)
Total cam count 4
seq 5 permit ip host 100.0.0.1 host 150.0.0.100 count (0 packets)
seq 10 deny ip host 100.0.0.1 host 100.0.0.2 count (0 packets)
seq 15 permit ip host 100.0.0.10 host 150.0.0.100 count (0 packets)
seq 20 deny ip host 100.0.0.10 host 100.0.0.2 count (0 packets)
!
Optimized Extended Ingress IP access list test on stack-unit 2 port_pipe 0 applied on
GigabitEthernet 2/1
Total cam count 15
seq 5 permit ip host 1.1.1.1 host 2.2.2.2
seq 6 permit ip host 4.4.4.4 host 5.5.5.5
seq 12 deny ip host 1.1.1.1 host 2.2.2.2
seq 17 permit ip host 100.0.0.1 host 150.0.0.100 count (0 packets)
seq 22 deny ip host 100.0.0.1 host 200.0.0.100 count (0 packets)
seq 27 deny ip any any count (0 packets)
seq 32 permit tcp 1.1.1.1 1.1.1.1 eq 65535 2.2.2.2 2.2.2.2 eq 65535 monitor no-drop
order 254
seq 37 permit ip host 1.1.1.1 host 2.2.2.2 dscp 63 ecn 3 fragments log monitor no-
drop order 254
seq 42 permit ip any host 150.0.0.100 dscp 63 ecn 3
seq 47 permit ip 100.0.0.0/28 200.0.0.0/23
seq 52 permit ip 100.0.0.0/16 any
seq 57 permit icmp host 1.1.1.1 200.0.0.0/23
seq 62 permit icmp any 200.0.0.0/27
seq 67 permit icmp host 1.1.1.1 any
seq 72 permit udp 1.1.1.1 1.1.1.1 eq 65535 2.2.2.2 2.2.2.2 eq 65535
!
Extended Ingress IP access list __Rad1_388f179100 on GigabitEthernet 2/1(Radius-
ACL)Supplicant MAC-38:8f:17:91:00:00
Total cam count 4
seq 5 permit ip host 100.0.0.1 host 150.0.0.100 count (0 packets)
Security
729