Access Security Guide K/KA/KB.15.15

Static port ACL
any inbound IPv4 traffic on that port.
RADIUS-assigned ACL
on a port having an ACL assigned by a RADIUS server to filter an authenticated client's traffic,
filters inbound IPv4 and IPv6 traffic from that client. For information on RADIUS-assigned ACLs,
see “RADIUS server support for switch services” (page 199).
ACL Mirroring
Beginning with software release K.14.01, ACL mirroring per VLAN, port, and trunk interfaces is
deprecated in favor of a classifier-based rate-limiting feature that does not use ACLs. If ACL mirroring
is already configured in a switch running software version K.13.xx, then downloading and booting
from release K.14.01 or greater automatically modifies the deprecated configuration to conform
to the classifier-based rate-limiting supported in release K.14.01 or greater. For more information
on this topic, see “Classifier-Based Software Configuration” in the latest Advanced Traffic
Management Guide for your switch.
Connection-Rate ACL
An optional feature used with Connection-Rate filtering based on virus-throttling technology.
See “Virus throttling (connection-rate filtering)” (page 53).
RACL applications
RACLs filter routed IPv4 traffic entering or leaving the switch on VLANs configured with the "in"
and/or "out" ACL option.
Syntax
vlan vid ip access-group identifier < in | out >
For example, in Figure 224 (page 307):
Assign either an inbound ACL on VLAN 1 or an outbound ACL on VLAN 2 to filter a packet
routed between subnets on different VLANs; that is, from the workstation 10.28.10.5 on VLAN
1 to the server at 10.28.20.99 on VLAN 2. An outbound ACL on VLAN 1 or an inbound ACL
on VLAN 2 would not filter the packet.
Where multiple subnets are configured on the same VLAN, use either inbound or outbound
ACLs to filter routed IPv4 traffic between the subnets on the VLAN. Traffic source and destination
IP addresses must be on devices external to the switch.
Figure 224 RACL filter applications on routed IPv4 traffic
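The placement rule above can be checked mechanically. The following Python sketch is an added example, not part of the guide: for a given flow it returns the VLAN and direction assignments at which a RACL would see the packet (any one of them is enough to filter it) and renders them in the guide's syntax. The /24 prefix lengths, the second subnet 10.28.30.0/24 on VLAN 1, and the ACL name RACL-EXAMPLE are assumptions.

```python
import ipaddress

# Hosts 10.28.10.5 (VLAN 1) and 10.28.20.99 (VLAN 2) come from the guide's
# example. The /24 prefixes and the second VLAN 1 subnet are assumed.
VLAN_SUBNETS = {
    1: ["10.28.10.0/24", "10.28.30.0/24"],
    2: ["10.28.20.0/24"],
}

def locate(addr, vlan_subnets):
    """Return (vid, network) for the attached subnet that contains addr."""
    ip = ipaddress.ip_address(addr)
    for vid, nets in vlan_subnets.items():
        for net in map(ipaddress.ip_network, nets):
            if ip in net:
                return vid, net
    raise ValueError(f"{addr} is not on a subnet configured on this switch")

def racl_points(src, dst, vlan_subnets=VLAN_SUBNETS):
    """Return the (vid, direction) RACL assignments that see a src -> dst packet.

    Both addresses are assumed to belong to devices external to the switch.
    """
    src_vid, src_net = locate(src, vlan_subnets)
    dst_vid, dst_net = locate(dst, vlan_subnets)
    if src_net == dst_net:
        return set()  # same subnet: switched, not routed, so no RACL applies
    # Routed packet: enters on the source VLAN, leaves on the destination VLAN.
    return {(src_vid, "in"), (dst_vid, "out")}

def cli_lines(points, identifier="RACL-EXAMPLE"):
    """Render assignments using the guide's syntax; the ACL name is hypothetical."""
    return [f"vlan {vid} ip access-group {identifier} {direction}"
            for vid, direction in sorted(points)]

if __name__ == "__main__":
    for flow in [("10.28.10.5", "10.28.20.99"),   # VLAN 1 -> VLAN 2
                 ("10.28.10.5", "10.28.30.7"),    # two subnets on VLAN 1
                 ("10.28.10.5", "10.28.10.9")]:   # same subnet
        print(flow, cli_lines(racl_points(*flow)))
```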