Access Security Guide K/KA/KB.15.15

RADIUS accounting with IP attribute
Operating rules for RADIUS accounting
Acct-Session-ID Options in a Management Session
Unique Acct-Session-ID operation
Common Acct-Session-ID operation
Radius-administered CoS and rate-limiting
Radius-administered commands authorization
SNMP access to the switch's authentication configuration MIB
About the dynamic removal of authentication limits
RADIUS operation
Switch operating rules for RADIUS
Operating notes
Commands authorization on HTTPS overview
WebAgent windows when using command authorization
MAC-based VLANs
Messages related to RADIUS operation
7 RADIUS server support for switch services
Configuring
Configuring the switch to support RADIUS-assigned ACLs
Viewing
Viewing the currently active per-port CoS and rate-limiting configuration
Viewing CLI-configured rate-limiting and port priority for ports
Using
ACE syntax configuration options in a RADIUS server, using the standard attribute in an IPv4 ACL (Example)
Using HP VSA 63 to assign IPv6 and IPv4 ACLs
Using HP VSA 61 to assign IPv4 ACLs
Displaying the current RADIUS-assigned ACL activity on the switch
Overview
About RADIUS server support
RADIUS client and server requirements
Optional HP PCM and IDM network management applications
RADIUS server configuration for CoS (802.1p priority) and rate-limiting
Applied rates for RADIUS-assigned rate limits
Per-port bandwidth override
Ingress (inbound) traffic
Egress (outbound) traffic
Configuring and using dynamic (RADIUS-assigned) access control lists
Overview of RADIUS-assigned, dynamic ACLs
Traffic applications
Contrasting RADIUS-assigned and static ACLs
How a RADIUS server applies a RADIUS-assigned ACL to a client on a switch port
Multiple clients sharing the same RADIUS-assigned ACL
Effect of multiple ACL application types on an interface
General ACL features, planning, and configuration
The packet-filtering process
Operating rules for RADIUS-assigned ACLs
Configuring an ACL in a RADIUS server
Nas-Filter-Rule-Options
ACE syntax in RADIUS servers
Configuration notes
Explicitly permit IPv4 and IPv6 traffic from an authenticated client
Explicitly permit only the IPv4 traffic from an authenticated client
Explicitly denying inbound traffic from an authenticated client