HP ProCurve 6400cl Series Access Security Manual page 171

Configuring a RADIUS Server To Specify Per-Port CoS and Rate-Limiting Services

Note
If a RADIUS-based ACL permits an authenticated client's inbound IP packet, but the client port belongs to a VLAN for which there is an inbound, VLAN-based ACL configured on the switch, then the packet will also be filtered by the VLAN-based ACL.

[Flowchart]
Test packet against criteria in first ACE. Is there a match?
  Yes: Perform action (permit or deny). End.
  No: Test the packet against criteria in second ACE. Is there a match?
    Yes: Perform action (permit or deny). End.
    No: (continue through the list) Test packet against criteria in Nth ACE. Is there a match?
      Yes: Perform action (permit or deny). End.
      No: Deny the packet (invoke implicit deny any). End.

Figure 6-11. The Packet-Filtering Process in an ACL with N Entries (ACEs)

RADIUS Authentication and Accounting

1. If a match is not found with the first ACE in an ACL, the switch proceeds to the next ACE and so on.
2. If a match with an explicit ACE is subsequently found, the packet is either permitted (forwarded) or denied (dropped), depending on the action specified in the matching ACE. In this case the switch ignores all subsequent ACEs in the ACL.
3. If a match is not found with any explicit ACE in the ACL, the switch invokes the implicit deny IP any at the end of every ACL, and drops the packet.

Note: If the list includes a permit IP any entry, no packets can reach the implicit deny IP any at the end of the list. Also, a permit IP any ACE at any point in an ACL defeats the purpose of any subsequent ACEs in the list.

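The first-match process in Figure 6-11, the permit IP any caveat, and the RADIUS-plus-VLAN filtering note can be checked with a small model. This is an added example, not code from the HP manual: the ACE representation (an action plus a destination IPv4 network), the function names, and the sample ACLs are constructed assumptions and are not ProCurve configuration syntax.

```python
# Added example: simplified first-match ACL model, not ProCurve syntax.
from ipaddress import ip_address, ip_network

def evaluate(acl, dst):
    """Return (action, index) of the first matching ACE.
    index is None when the implicit deny at the end of the ACL fired."""
    addr = ip_address(dst)
    for i, (action, net) in enumerate(acl):
        if addr in ip_network(net):
            return action, i          # all later ACEs are ignored
    return "deny", None               # implicit deny IP any

def shadowed(acl):
    """Indexes of ACEs that can never match because a single earlier ACE
    already covers their whole network (for example an earlier permit any)."""
    dead = []
    for i, (_, net) in enumerate(acl):
        if any(ip_network(net).subnet_of(ip_network(prev))
               for _, prev in acl[:i]):
            dead.append(i)
    return dead

def filter_inbound(radius_acl, vlan_acl, dst):
    """A packet the RADIUS-based ACL permits is also filtered by the
    inbound VLAN-based ACL, if the port's VLAN has one configured."""
    action, _ = evaluate(radius_acl, dst)
    if action == "permit" and vlan_acl is not None:
        action, _ = evaluate(vlan_acl, dst)
    return action

# Constructed sample ACLs using documentation address ranges.
DENY_THEN_ANY = [("deny", "192.0.2.0/24"), ("permit", "0.0.0.0/0")]
ANY_THEN_DENY = [("permit", "0.0.0.0/0"), ("deny", "192.0.2.0/24")]
ONE_PERMIT = [("permit", "198.51.100.0/24")]

if __name__ == "__main__":
    print(evaluate(DENY_THEN_ANY, "192.0.2.10"))   # deny ACE is reached first
    print(evaluate(ANY_THEN_DENY, "192.0.2.10"))   # permit any wins, deny is dead
    print(shadowed(ANY_THEN_DENY))                 # audit finding: unreachable ACE
    print(evaluate(ONE_PERMIT, "203.0.113.5"))     # falls to the implicit deny
    print(filter_inbound(ANY_THEN_DENY, DENY_THEN_ANY, "192.0.2.10"))
```

Running `shadowed()` over an ACL before deploying it flags entries placed after a broader ACE; it checks coverage by one earlier ACE only, not by a combination of several.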
6-31
