Users Guide

276 Authentication, Authorization, and Accounting
Dynamic ACL Overview
NOTE: This feature is only supported in 802.1X-enabled configurations.
Dynamic ACLs allow operators to administer bespoke network access policies
from a central location (the RADIUS server). Access policies are enforced
through ACLs or a DiffServ policy installed for the duration of the user
session. Unique policies can be assigned based on the user's credentials,
location, time of day, and other information presented to the RADIUS server
during the authentication process. The benefit to the end user is that the
policy can follow the user around the network, regardless of where the
network is accessed. The benefit to the network administrator is that the
policy can be configured once for the user and does not need to be
configured on multiple devices.
IEEE 802.1X port-control auto mode ports may be configured to accept
802.1X authentication for both the data VLAN and voice VLAN using host
modes multi-domain or multi-domain multi-host. In this case, both
authentications may contain DACL references or definitions. The DACLs are
applied and removed for each authentication session independently of the
other sessions; however, the DACLs' scope is at the port level and are capable
Table 9-7. Supported TACACS+ Attributes
Attribute Name    Exec Authorization    Command Authorization    Accounting
cmd both (optional) sent sent
cmd-arg sent
elapsed-time sent
priv-lvl received
protocol sent
roles both (optional)
service=shell both sent sent
start-time sent
stop-time sent