Manualshelf

Setup Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
771772773774775776777778779780
Allocate CAM for RADIUS-assigned DACL
Allocate the CAM region to use the RADIUS-assigned DACL. Reload the switch for the CAM allocation to take eect.
To allocate a CAM region for RADIUS-assigned DACL, use the cam-acl command. Enter the radius-v4acl allocation as a factor of 2
(2,4,6,8). The maximum number of FP blocks allocated for RADIUS-assigned DACLs is 8.
NOTE: Dell EMC Networking OS displays an error when a CAM region is not allocated for RADIUS-assigned DACLs and does not
authenticate the supplicant.
To allocate the space for RADIUS-assigned DACL, use the following command:
Allocate a CAM region to apply RADIUS-assigned DACL.
EXEC mode
cam-acl {default | l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number
l2pt number ipmacacl number vman-qos | vman-dual-qos number ecfmacl number nlbcluster number
ipv4pbr number openflow number | fcoe number iscsioptacl number [vrfv4acl number] radius-
v4acl number
The maximum ACL entries supported are 1024.
Verify CAM allocation
To verify the CAM allocated for RADIUS-assigned DACL, use show cam-acl command.
DellEMC#show cam-acl
-- Chassis Cam ACL --
Current Settings(in block sizes)
1 block = 256 entries
L2Acl : 2
Ipv4Acl : 4
Ipv6Acl : 2
Ipv4Qos : 2
L2Qos : 1
L2PT : 0
IpMacAcl : 0
VmanQos : 0
EcfmAcl : 0
iscsiOptAcl : 0
ipv4pbr : 0
vrfv4Acl : 0
Openflow : 0
fedgovacl : 0
nlbclusteracl : 0
radiusv4acl : 2
Congure RADIUS-assigned DACL
The switch assigns a RADIUS-assigned DACL to a port or user regardless of any statically congured ACLs on a port or VLAN to which the
port is assigned.
NAS applies RADIUS-assigned DACLs using two ways:
1 RADIUS NAS-Filter-Rule attribute - The RADIUS server pushes the dened DACLs when a supplicant gets authenticated. The ACLs
are not pre-provisioned in the NAS.
2 RADIUS lter-ID attribute - The RADIUS server indicates the ACL congured in the NAS to be applied to the supplicant and sends the
lter name to be used in the NAS. For the lter-ID attribute to work, the switch or NAS must have ACLs pre-congured before the
supplicants connect to the NAS.
Security
773