Users Guide
298 Authentication, Authorization, and Accounting
Predefined or Dynamic ACL Selection
To select an ACL that is already configured on the switch, send the
following Cisco VSA (009/001) av-pair (26) attribute from the RADIUS server
in the Access-Accept message. The ACL must be preconfigured on the switch.
The extended-access-control-list-name is the name or number of an existing
ACL. The standard-access-control-list-name is the number of an existing ACL.
The ACL need not be statically preconfigured on the port before RADIUS
configures it when authorizing the port. All statically configured ACLs on a
port are removed before the dynamic ACL is configured and the port is
authorized. The applied ACL is considered state, not configuration, and is
not shown in the running-config.
Syntax
ip:inacl={standard-access-control-list-name | extended-access-control-list-name}
ipv6:inacl={standard-access-control-list-name | extended-access-control-list-name}
• The ip before the colon indicates that an existing IPv4 ACL name or number
follows the equals sign.
• The ipv6 before the colon indicates that an IPv6 ACL name or number follows
the equals sign.
• The token standard-access-control-list-name means a Dell EMC Standard
ACL identified by the decimal number after the equals sign.
• The token extended-access-control-list-name means a Dell EMC IP/IPv6
Extended ACL identified by the decimal number or the name of a
preconfigured ACL. The numbers are not restricted to specific ranges, as
they are in other vendor implementations.
• The tokens ip:inacl and ipv6:inacl are in lower case and are followed by an
equals sign with no intervening white space.
Predefined ACL Examples
ip:inacl=Named_ACL
ipv6:inacl=Named_IPv6_ACL
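The syntax rules above can be checked before a value is placed in a RADIUS policy. The following is an added example, not code from this guide or from Dell EMC: the function names, the permitted ACL-name character set, and the sample values are assumptions made for illustration.

```python
import re

TOKENS = {"ip:inacl": "ipv4", "ipv6:inacl": "ipv6"}
# Assumption: ACL names use letters, digits, '_', '-' and '.'; the guide does
# not define the permitted character set.
ACL_REF = re.compile(r"[A-Za-z0-9_.-]+")

def parse_inacl_avpair(value):
    """Return (family, acl_ref, ref_kind); raise ValueError naming the broken rule."""
    if re.search(r"\s", value):
        # The guide forbids white space between the token and '='; rejecting
        # it anywhere in the value is a stricter choice made for this example.
        raise ValueError("white space in av-pair")
    token, sep, acl_ref = value.partition("=")
    if not sep:
        raise ValueError("missing equals sign")
    if token not in TOKENS:
        if token.lower() in TOKENS:
            raise ValueError("token must be lower case")
        raise ValueError("unknown token")
    if not ACL_REF.fullmatch(acl_ref):
        raise ValueError("empty or malformed ACL name/number")
    # A decimal reference may name a standard or an extended ACL; a
    # non-numeric name can only refer to an extended ACL.
    kind = "number" if acl_ref.isdigit() else "name"
    return TOKENS[token], acl_ref, kind

def audit(avpairs):
    """Map each value to ('ok', parsed_tuple) or ('reject', reason)."""
    report = {}
    for value in avpairs:
        try:
            report[value] = ("ok", parse_inacl_avpair(value))
        except ValueError as exc:
            report[value] = ("reject", str(exc))
    return report

# Constructed sample values, as they might appear in a RADIUS policy export.
SAMPLE = [
    "ip:inacl=Named_ACL",
    "ipv6:inacl=Named_IPv6_ACL",
    "ip:inacl=101",
    "IP:inacl=Named_ACL",      # upper-case token
    "ip:inacl =Named_ACL",     # white space before '='
    "ipv4:inacl=Named_ACL",    # token not defined by the syntax
]

if __name__ == "__main__":
    for value, result in audit(SAMPLE).items():
        print(f"{value!r:30} {result}")
```
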