Product guide
7-21
Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists
Any instance of a dynamic port ACL is structured to filter authenticated client
traffic as follows:
■ Applies only to inbound client traffic on the switch port the authenticated client is using.
■ Allows only the “any” source address (for any authenticated IP device
connected to the port).
■ Applies to all IP traffic from the authenticated client or to a specific
type of IP traffic from the client. Options include TCP, UDP, or
any other type of IP traffic that is identified by an IP protocol number.
(More information on protocol numbers is provided in the following
ACL syntax description.)
■ Has one of the following destination types:
• A specific IP address
• A contiguous series of IP addresses or an entire subnet
• Any IP address
■ Where the traffic type is either TCP or UDP, the ACE can optionally
include one or more TCP or UDP port numbers.
Configuring ACE Syntax in RADIUS Servers
The following syntax and operating information applies to ACLs configured
in a RADIUS server.
ACE Syntax:
< permit | deny > in < ip | ip-protocol-value > from any to < ip-addr [/< mask >] | any > [ tcp/udp-ports ] [ cnt ]
< permit | deny >: Specifies whether to forward or drop the identified IP traffic type from the
authenticated client. (For information on explicitly permitting or denying all inbound IP
traffic from an authenticated client, or for implicitly denying all such IP traffic not already
permitted or denied, refer to “Configuration Notes” on page 7-22.)
in: Required keyword specifying that the ACL applies only to the traffic inbound from the
authenticated client.
< ip | ip-protocol-value >: Options for specifying the type of traffic to filter.
ip: This option applies the ACL to all IP traffic from the authenticated client.
ip-protocol-value: This option applies the ACL to the type of IP traffic specified by either
a protocol number or by tcp or udp. The range of protocol numbers is 0-255, and you
can substitute 6 for TCP or 17 for UDP. (Protocol numbers are defined in RFC 2780.
For a complete listing, refer to “Protocol Numbers” under “Protocol Number Assignment
Services” on the Web site of the Internet Assigned Numbers Authority at
www.iana.com.) Some examples of protocol numbers include:
1 = ICMP
2 = IGMP
6 = TCP
17 = UDP
41 = IPv6
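As an added example (not from this guide or from the switch or RADIUS vendor), the following Python validator checks an ACE string against the syntax described above before it is entered in the RADIUS server: it enforces the required in keyword and the any source, accepts only ip, tcp, udp or a protocol number 0-255, and rejects port numbers on anything other than TCP or UDP. The mask is assumed to be written as a CIDR prefix length, which this page does not specify, and parse_ace raises ValueError on any violation.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Grammar from the guide: <permit|deny> in <ip|ip-protocol-value> from any to <ip-addr[/mask] | any> [tcp/udp-ports] [cnt]
ACE_RE = re.compile(r"^(?P<action>permit|deny)\s+in\s+(?P<proto>\S+)\s+from\s+any\s+to\s+"
                    r"(?P<dst>\S+)(?P<ports>(?:\s+\d+)*)(?P<cnt>\s+cnt)?$")
PROTO_NAMES = {"ip": None, "tcp": 6, "udp": 17}  # "ip" = all IP traffic; tcp/udp stand in for 6/17

@dataclass(frozen=True)
class Ace:
    action: str              # "permit" or "deny"
    proto: Optional[int]     # IP protocol number, or None for all IP traffic
    dst: str                 # "any" or a dotted-decimal destination address
    prefix_len: int          # 0 for "any", 32 for a single host
    ports: Tuple[int, ...]   # TCP/UDP port numbers, empty if none given
    count: bool              # "cnt" keyword present

def _parse_dst(tok: str) -> Tuple[str, int]:
    if tok == "any":
        return "any", 0
    addr, _, mask = tok.partition("/")
    prefix = 32 if mask == "" else (int(mask) if mask.isdigit() else -1)  # assumption: CIDR prefix length
    octets = addr.split(".")
    if len(octets) != 4 or any(not o.isdigit() or int(o) > 255 for o in octets) or not 0 <= prefix <= 32:
        raise ValueError(f"bad destination: {tok!r}")
    return addr, prefix

def parse_ace(line: str) -> Ace:
    m = ACE_RE.match(line.strip().lower())
    if not m:  # rejects a missing "in", an outbound direction, or a source other than "any"
        raise ValueError(f"not a valid inbound ACE: {line!r}")
    tok = m["proto"]
    if tok.isdigit() and int(tok) <= 255:
        proto: Optional[int] = int(tok)
    elif tok in PROTO_NAMES:
        proto = PROTO_NAMES[tok]
    else:
        raise ValueError(f"protocol must be ip, tcp, udp or 0-255: {tok!r}")
    ports = tuple(int(p) for p in m["ports"].split())
    if ports and proto not in (6, 17):  # ports are only meaningful for TCP or UDP
        raise ValueError(f"ports given for a non-TCP/UDP protocol: {line!r}")
    dst, prefix_len = _parse_dst(m["dst"])
    return Ace(m["action"], proto, dst, prefix_len, ports, m["cnt"] is not None)

def is_valid_ace(line: str) -> bool:
    try:
        return parse_ace(line) is not None
    except ValueError:
        return False
```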