Users Guide

Authentication, Authorization, and Accounting 295
Dynamic ACL Overview
NOTE: This feature is only supported in 802.1X auto mode configuration.
Dynamic ACLs allow operators to administer bespoke network access policies from a central location (the RADIUS server). Access policies are enforced through ACLs that are installed for the duration of the user session. Unique policies can be assigned based on the user credentials, location, time of day, and other information presented to the RADIUS server during the authentication process. The benefit to the end user is that the policy follows the user around the network, regardless of where the network is accessed. The benefit to the network administrator is that the policy is configured once for the user and does not need to be configured on multiple devices.
IEEE 802.1X auto mode ports may be configured to accept 802.1X authentication for both the data VLAN and the voice VLAN. In this case, both authentications may contain DACL references or definitions. The DACLs are applied and removed for each authentication session independently of the other sessions; however, the DACLs are applied at the port level and are capable of filtering any matching ingress traffic, regardless of which authentication session actually instantiated the DACL.
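The following Python model is an added illustration of the per-session, port-level DACL behaviour described above; it is not the switch's implementation or any code from this guide. The rule syntax, the session identifiers, the first-match-in-install-order evaluation and the implicit deny are all constructed assumptions used only to make the interaction between a data-VLAN session and a voice-VLAN session on the same port concrete: a deny delivered for the phone's session also catches the PC's traffic, and disappears only when the phone's session ends.

```python
"""Toy model of per-session Dynamic ACL (DACL) enforcement on an 802.1X auto-mode port.

Constructed illustration, not the switch's implementation: each authentication
session (data VLAN or voice VLAN) may carry its own DACL, the DACL lives only as
long as that session, and because enforcement is at the port level every installed
DACL filters matching ingress traffic regardless of which session installed it.
Rule syntax, first-match-in-install-order evaluation and the implicit deny are
modelling assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    dst: str                     # destination prefix, e.g. "10.0.0.0/8"
    proto: Optional[str] = None  # "tcp"/"udp", or None for any protocol
    dport: Optional[int] = None  # destination port, or None for any port

    def matches(self, pkt: dict) -> bool:
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


@dataclass
class Port:
    """One switch port; keys are session ids (here the supplicant MAC), kept in install order."""
    dacls: Dict[str, List[Rule]] = field(default_factory=dict)

    def session_up(self, session: str, rules: List[Rule]) -> None:
        # The Access-Accept for this session carried a DACL: install it for the session's lifetime.
        self.dacls[session] = list(rules)

    def session_down(self, session: str) -> None:
        # The session ended: only its own DACL is removed; other sessions' DACLs stay.
        self.dacls.pop(session, None)

    def evaluate(self, pkt: dict) -> str:
        """Return the decision for an ingress packet on this port.

        Assumed semantics: with no DACL installed the port passes traffic; otherwise
        the first matching rule wins, scanning DACLs in install order, and traffic
        matching no rule hits the implicit deny at the end of the ACL.
        """
        if not self.dacls:
            return "permit (no DACL installed)"
        for session, rules in self.dacls.items():
            for rule in rules:
                if rule.matches(pkt):
                    return f"{rule.action} (DACL from session {session})"
        return "deny (implicit)"


def demo() -> List[str]:
    """Walk through the data/voice interaction the text describes; returns the decisions."""
    port = Port()
    # Constructed sessions: a phone authenticates on the voice VLAN first, then a PC on the data VLAN.
    port.session_up("voice:00:11:22:33:44:55", [
        Rule("permit", "10.9.9.0/24", "udp", 5060),   # call-control server
        Rule("deny", "10.7.0.0/16"),                  # server range the phone must never reach
    ])
    port.session_up("data:66:77:88:99:aa:bb", [
        Rule("permit", "10.0.0.0/8"),                 # the PC may reach all of 10/8
    ])
    pc_pkt = {"dst": "10.7.1.1", "proto": "tcp", "dport": 443}  # constructed PC packet

    out = []
    # The PC's traffic is caught by the phone session's deny: enforcement is per port, not per session.
    out.append(port.evaluate(pc_pkt))
    # The phone logs off: its DACL is removed, the PC's DACL remains and now decides.
    port.session_down("voice:00:11:22:33:44:55")
    out.append(port.evaluate(pc_pkt))
    # The PC logs off too: no DACL is left on the port.
    port.session_down("data:66:77:88:99:aa:bb")
    out.append(port.evaluate(pc_pkt))
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The practical takeaway for policy authors is in the first decision: a deny written for one VLAN's session is evaluated against every frame entering the port, so DACLs delivered for a phone and a PC sharing a port must be written with each other in mind.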
Table 10-7. Supported TACACS+ Attributes

Attribute Name   Exec Authorization   Command Authorization   Accounting
cmd              both (optional)      sent                    sent
cmd-arg                               sent
elapsed-time                                                  sent
priv-lvl         received
protocol         sent
roles            both (optional)
service=shell    both                 sent                    sent
start-time                                                    sent
stop-time                                                     sent