Setup Guide

Untagged VLAN id: None
ACL Name: __Rad_3_632426100
Auth PAE State: Authenticated
Backend State: Idle
Filter-Id attribute
The NAS dynamically applies the ACLs that are created using an OS9 CLI to a supplicant after authentication. Dell EMC Networking OS allows you to apply the same filter for user ACL and RADIUS ACL on different interfaces.
NOTE: It is not recommended to configure the same filter both as a user ACL and RADIUS ACL on an interface.
Any change in the filter, such as adding a new filter rule or removing a filter rule, takes effect immediately on the RADIUS ACL as the rules are provisioned in the NAS.
When the filter rules have unsupported filters, the NAS ignores all the unsupported filters and applies only the supported filters in the filter rules.
If a filter name that is not configured in the NAS is used, NAS creates a filter without any filter rules and authorizes the supplicant with that name with no filter rules.
View RADIUS-assigned DACL
To view the RADIUS-assigned DACL, use show ip accounting access-list or show dot1x interface commands.
show ip accounting access-list output:
DellEMC#show ip accounting access-list
!
Extended Ingress IP access list test on GigabitEthernet 1/1
Total cam count 15
seq 5 permit ip host 1.1.1.1 host 2.2.2.2
seq 6 permit ip host 4.4.4.4 host 5.5.5.5
seq 12 deny ip host 1.1.1.1 host 2.2.2.2
seq 17 permit ip host 100.0.0.1 host 150.0.0.100 count (0 packets)
seq 22 deny ip host 100.0.0.1 host 200.0.0.100 count (0 packets)
seq 27 deny ip any any count (0 packets)
seq 32 permit tcp 1.1.1.1 1.1.1.1 eq 65535 2.2.2.2 2.2.2.2 eq 65535 monitor no-drop order 254
seq 37 permit ip host 1.1.1.1 host 2.2.2.2 dscp 63 ecn 3 fragments log monitor no-drop order 254
seq 42 permit ip any host 150.0.0.100 dscp 63 ecn 3
seq 47 permit ip 100.0.0.0/28 200.0.0.0/23
seq 52 permit ip 100.0.0.0/16 any
seq 57 permit icmp host 1.1.1.1 200.0.0.0/23
seq 62 permit icmp any 200.0.0.0/27
seq 67 permit icmp host 1.1.1.1 any
seq 72 permit udp 1.1.1.1 1.1.1.1 eq 65535 2.2.2.2 2.2.2.2 eq 65535
!
Extended Ingress IP access list test1 on GigabitEthernet 1/1(Radius-ACL)
Total cam count 3
seq 5 permit ip host 10.10.10.10 host 20.20.20.20 count (0 packets)
seq 10 permit ip host 100.0.0.1 host 200.0.0.100 count (0 packets)
seq 15 deny ip host 100.0.0.1 host 111.0.0.100 count (0 packets)
!
Optimized Extended Ingress IP access list test on stack-unit 2 port_pipe 0 applied on GigabitEthernet 2/1
Total cam count 15
seq 5 permit ip host 1.1.1.1 host 2.2.2.2
seq 6 permit ip host 4.4.4.4 host 5.5.5.5
seq 12 deny ip host 1.1.1.1 host 2.2.2.2
seq 17 permit ip host 100.0.0.1 host 150.0.0.100 count (0 packets)
seq 22 deny ip host 100.0.0.1 host 200.0.0.100 count (0 packets)
seq 27 deny ip any any count (0 packets)
seq 32 permit tcp 1.1.1.1 1.1.1.1 eq 65535 2.2.2.2 2.2.2.2 eq 65535 monitor no-drop order 254
seq 37 permit ip host 1.1.1.1 host 2.2.2.2 dscp 63 ecn 3 fragments log monitor no-drop order 254
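The Filter-Id behavior described above can be checked from the show ip accounting access-list output. The following is an added example, not Dell EMC code: it parses that output and flags a RADIUS ACL that has no rules (a supplicant authorized with no filter rules) and a filter applied as both user ACL and RADIUS ACL on one interface. The function names parse_acls and audit are hypothetical, the sample text is constructed, and the way an empty filter is displayed is an assumption.

```python
import re
from collections import defaultdict

# Section header; "(Radius-ACL)" marks a filter applied through Filter-Id.
HEADER = re.compile(r"IP access list (?P<name>\S+) on (?:.* applied on )?"
                    r"(?P<intf>.+?)\s*(?P<radius>\(Radius-ACL\))?$")

# Constructed sample (not captured from a switch). Assumption: an empty
# RADIUS-created filter is listed as a section with no "seq" lines.
SAMPLE = """\
!
Extended Ingress IP access list test on GigabitEthernet 1/1
Total cam count 2
seq 5 permit ip host 1.1.1.1 host 2.2.2.2
seq 27 deny ip any any count (0 packets)
!
Extended Ingress IP access list test on GigabitEthernet 1/1(Radius-ACL)
Total cam count 1
seq 5 permit ip host 10.10.10.10 host 20.20.20.20 count (0 packets)
!
Extended Ingress IP access list guest on GigabitEthernet 1/2(Radius-ACL)
Total cam count 0
!
"""

def parse_acls(text):
    """Split the show output into one record per access-list section."""
    acls = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.search(line)
        if m:
            acls.append({"name": m["name"], "intf": m["intf"],
                         "radius": bool(m["radius"]), "rules": []})
        elif line.startswith("seq ") and acls:
            acls[-1]["rules"].append(line)
    return acls

def audit(acls):
    """Flag rule-less RADIUS ACLs and filters used as both ACL types."""
    findings, kinds = [], defaultdict(set)
    for a in acls:
        kinds[(a["intf"], a["name"])].add(a["radius"])
        if a["radius"] and not a["rules"]:  # authorized with no filter rules
            findings.append(("empty-radius-acl", a["intf"], a["name"]))
    for (intf, name), seen in kinds.items():
        if seen == {True, False}:  # same filter as user ACL and RADIUS ACL
            findings.append(("user-and-radius-same-filter", intf, name))
    return findings
```

Calling audit(parse_acls(SAMPLE)) returns one finding for the rule-less filter guest on GigabitEthernet 1/2 and one for the filter test on GigabitEthernet 1/1.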