Access Control Lists (ACLs)
Overview
Static Port ACL and Dynamic Port ACL Applications
■ Static Port ACL: filters any IP traffic inbound on the designated port,
regardless of whether it is switched or routed.
■ Dynamic (RADIUS-assigned) Port ACL: filters IP traffic inbound
from the client whose authentication resulted in the ACL assignment
to the designated port. For example, client “A” connects to a given
port and is authenticated by a RADIUS server. Because the server is
configured to assign an ACL to the port used by the authenticated
client, all IP traffic inbound on the port from client “A” is filtered.
Effect of Dynamic Port ACLs When Multiple Clients Are Using the
Same Port. Some network configurations may allow multiple clients to
authenticate through a single port where a RADIUS server assigns a separate,
dynamic port ACL in response to each client’s authentication on that port. In
such cases, a given client’s inbound traffic will be allowed only if the RADIUS
authentication response for that client includes a dynamic port ACL. For
example, in figure 10-3 (below), clients A through D authenticate through the
same port (B1) on the 5400zl switch.
In this case, the RADIUS server must be configured to assign a dynamic port
ACL to port B1 each time any of the clients authenticates on the port.
Figure 10-3. Example of Multiple Clients Authenticating Through a Single Port
[Figure labels: RADIUS Server; 5400zl; Port B1; Unmanaged Switch; Client A; Client B; Client C; Client D; 10.100.0.0 LAN]
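The per-client behavior described above can be modeled in a few lines. This is an added example, not code from the manual or the switch firmware. The MAC addresses, the /16 mask on the 10.100.0.0 LAN, the ACL entries, first-match evaluation, the closing implicit deny and the handling of unauthenticated clients are all assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

class SharedPort:
    """One switch port (B1 in figure 10-3) with several authenticated clients."""

    def __init__(self, name):
        self.name = name
        self.acls = {}  # client MAC -> list of (action, network), or None

    def access_accept(self, mac, acl=None):
        """Record a successful RADIUS authentication for `mac`.

        `acl` is an ordered list of ("permit" | "deny", destination CIDR)
        entries, or None when the response carried no dynamic port ACL.
        """
        self.acls[mac] = None if acl is None else [
            (action, ip_network(cidr)) for action, cidr in acl]

    def filter_inbound(self, src_mac, dst_ip):
        """Return the decision for one inbound IP packet from `src_mac`."""
        if src_mac not in self.acls:
            return "drop: client not authenticated"   # assumption
        acl = self.acls[src_mac]
        if acl is None:
            return "drop: no dynamic ACL for this client"
        for action, net in acl:          # assumption: first matching entry wins
            if ip_address(dst_ip) in net:
                return "forward" if action == "permit" else "drop: deny entry"
        return "drop: implicit deny"     # assumption: ACL ends in deny-all

def demo():
    """Clients A-D on port B1; MACs, addresses and ACLs are constructed."""
    a, b, c, d = ("00:00:5e:00:53:0a", "00:00:5e:00:53:0b",
                  "00:00:5e:00:53:0c", "00:00:5e:00:53:0d")
    b1 = SharedPort("B1")
    lan_only = [("permit", "10.100.0.0/16")]   # assumed mask
    b1.access_accept(a, lan_only)
    b1.access_accept(b, [("deny", "10.100.9.0/24")] + lan_only)
    b1.access_accept(c, lan_only)
    b1.access_accept(d)                        # D: accepted, but no ACL sent
    return {
        "A": b1.filter_inbound(a, "10.100.1.20"),
        "B": b1.filter_inbound(b, "10.100.9.5"),
        "C": b1.filter_inbound(c, "192.0.2.7"),
        "D": b1.filter_inbound(d, "10.100.1.20"),
    }

if __name__ == "__main__":
    for client, decision in demo().items():
        print(client, decision)
```

Client D is the case to check for when auditing the RADIUS server: it authenticates successfully, yet all of its inbound traffic is dropped because its response carried no ACL.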