Users Guide

Authentication, Authorization, and Accounting 301
administrator can override the port configuration and add a manually configured ACL. If the administrator adds an ACL, only the DACL is removed when the session ends; the manually configured ACL stays in place.

The switch does not alter the IP address filter of the dynamic ACL: IP source addresses in the DACL are applied as received and are not rewritten to the supplicant's IP address.
The dynamic ACL is supported for 802.1X auto mode on a port configured in access or general mode. Dynamic ACLs are rejected on ports configured for multi-session or MAC-based mode: the Access-Accept is treated as an Access-Reject and the port is not authorized. A log message to that effect is issued (Interface X/X/X not authorized. Dynamic ACL XXXX not supported in 802.1X MAC-based mode). No Acct-Start packet is sent and an EAP-Failure is sent to the 802.1X client.
Only one dynamic IPv4 ACL and one dynamic IPv6 ACL may be associated with an 802.1X session (a total of two access-groups per 802.1X session). Likewise, only two named ACLs (one IPv4 and one IPv6) are supported per received Access-Accept.
Dynamic ACLs are supported for ports configured in 802.1X Monitor Mode. Syntax errors are logged in the Monitor Mode log. Monitor Mode behavior is not altered: for example, if the information required to allow the host access to the port is present, the host is allowed access to the port.
Dynamic ACLs are subject to the same hardware scale limitations as static ACLs. If the ACL cannot be applied because of a resource limitation, the Access-Accept is treated as an Access-Reject and the port is not authorized. A log message to that effect is issued (Interface X/X/X not authorized. ACL received from RADIUS server exceeds available resources). No Acct-Start packet is sent and an EAP-Failure is sent to the 802.1X client.
Dynamic ACLs may not exceed the size of a single RADIUS Access-Accept packet; there is no support for ACLs split across multiple packets (the maximum dynamic ACL is 4000 ASCII characters). There is no support for Downloadable ACLs, where the NAS sends a request to the RADIUS server to retrieve an ACL.
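The admission rules above, written out as an added model (not code from the guide or from the switch firmware) so that the outcome for a given port and Access-Accept can be checked before a RADIUS policy is deployed. The port names, the spare-rule counter standing in for hardware ACL capacity, and the ACL body text are constructed; the switch's real log text for a multi-session port may differ from the MAC-based message quoted above.

```python
from dataclasses import dataclass, field

MAX_DACL_CHARS = 4000                 # stated limit for one dynamic ACL
UNSUPPORTED_HOST_MODES = {"multi-session", "mac-based"}

@dataclass
class DynamicAcl:
    family: str                       # "ipv4" or "ipv6"
    name: str
    text: str                         # ACL body as carried in the Access-Accept

@dataclass
class Port:
    name: str                         # constructed, e.g. "1/0/1"
    host_mode: str                    # "access", "general", "multi-session", "mac-based"
    free_rules: int                   # constructed stand-in for spare hardware ACL capacity
    monitor_mode: bool = False
    manual_acl: str = ""              # ACL the administrator configured by hand
    applied_dacls: list = field(default_factory=list)

@dataclass
class Decision:
    authorized: bool
    acct_start_sent: bool
    log: str = ""

def limit_violations(acls):
    """Per-Access-Accept limits: one IPv4 and one IPv6 ACL, at most 4000 chars."""
    problems = []
    for fam in ("ipv4", "ipv6"):
        if sum(a.family == fam for a in acls) > 1:
            problems.append(f"more than one {fam} dynamic ACL")
    if sum(len(a.text) for a in acls) > MAX_DACL_CHARS:
        problems.append("dynamic ACL larger than one Access-Accept allows")
    return problems

def evaluate_access_accept(port, acls):
    """Apply the guide's rules; a rejected Access-Accept sends no Acct-Start."""
    problem = None
    if acls and port.host_mode in UNSUPPORTED_HOST_MODES:
        problem = f"Dynamic ACL {acls[0].name} not supported in 802.1X MAC-based mode"
    elif sum(len(a.text.splitlines()) for a in acls) > port.free_rules:
        problem = "ACL received from RADIUS server exceeds available resources"
    if problem and port.monitor_mode:  # Monitor Mode: problem logged, host still admitted
        return Decision(True, True, f"Monitor Mode log: {problem}")
    if problem:
        return Decision(False, False, f"Interface {port.name} not authorized. {problem}")
    port.applied_dacls = list(acls)
    return Decision(True, True)

def end_session(port):
    """Session end removes only the DACL; the administrator's manual ACL remains."""
    port.applied_dacls = []
    return port.manual_acl
```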