Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series

721

722

723

724

725

726

727

728

729

730

seq 10 deny ip host 100.0.0.1 host 100.0.0.2 count (0 packets)

seq 15 permit ip host 100.0.0.10 host 150.0.0.100 count (0 packets)

show dot1x interface output:

DellEMC#show dot1x interface gigabitethernet 1/3

802.1x information on Gi 1/3:

-----------------------------

Dot1x Status: Enable

Port Control: AUTO

Re-Authentication: Disable

Guest VLAN: Disable

Guest VLAN id: NONE

Auth-Fail VLAN: Disable

Auth-Fail VLAN id: NONE

Auth-Fail Max-Attempts: NONE

Critical VLAN: Disable

Critical VLAN id: NONE

Mac-Auth-Bypass: Disable

Mac-Auth-Bypass Only: Disable

Static-MAB: Disable

Static-MAB Profile: NONE

Tx Period: 30 seconds

Quiet Period: 60 seconds

ReAuth Max: 2

Supplicant Timeout: 30 seconds

Server Timeout: 30 seconds

Re-Auth Interval: 3600 seconds

Max-EAP-Req: 2

Host Mode: MULTI_AUTH

Max-Supplicants: 128

Port status and State info for Supplicant: 06:32:42:61:00:00

Port Auth Status: AUTHORIZED

Untagged VLAN id: None

ACL Name: __Rad_3_632426100

Auth PAE State: Authenticated

Backend State: Idle

Filter-Id attribute

The NAS dynamically applies the ACLs that are created using a OS9 CLI to a supplicant after authentication. Dell EMC

Networking OS allows to apply the same filter for user ACL and RADIUS ACL on different interfaces.

NOTE: It is not recommended to configure the same filter both as a user ACL and RADIUS ACL on an interface.

Any change in the filter such as adding a new filter rule and removing a filter rule takes effect immediately on the RADIUS ACL

as the rules are provisioned in the NAS.

When the filter rules have unsupported filters, the NAS ignores all the unsupported filters and applies only the supported filters

in the filter rules.

If a filter name that is not configured in the NAS is used, NAS creates a filter without any filter rules and authorizes the

supplicant with that name with no filter rules.

To view the RADIUS-assigned DACL, use show ip accounting access-list or show dot1x interface commands.

show ip accounting access-list output:

DellEMC#show ip accounting access-list

Extended Ingress IP access list test on GigabitEthernet 1/1

Total cam count 15

seq 5 permit ip host 1.1.1.1 host 2.2.2.2

seq 6 permit ip host 4.4.4.4 host 5.5.5.5

seq 12 deny ip host 1.1.1.1 host 2.2.2.2

seq 17 permit ip host 100.0.0.1 host 150.0.0.100 count (0 packets)

seq 22 deny ip host 100.0.0.1 host 200.0.0.100 count (0 packets)

seq 27 deny ip any any count (0 packets)

730

Security