Administrator Guide

ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: MULTI_AUTH
Max-Supplicants: 128
Port status and State info for Supplicant: 06:32:42:61:00:00
Port Auth Status: AUTHORIZED
Untagged VLAN id: None
ACL Name: __Rad_3_632426100
Auth PAE State: Authenticated
Backend State: Idle
Filter-Id attribute
The NAS dynamically applies ACLs that were created using the OS9 CLI to a supplicant after authentication. Dell EMC Networking OS
allows you to apply the same filter as a user ACL and as a RADIUS ACL on different interfaces.
NOTE: It is not recommended to configure the same filter both as a user ACL and RADIUS ACL on an interface.
Any change to the filter, such as adding or removing a filter rule, takes effect immediately on the RADIUS ACL because the rules
are provisioned in the NAS.
When the filter rules contain unsupported filters, the NAS ignores all the unsupported filters and applies only the supported filters in the
filter rules.
If a filter name is used that is not configured in the NAS, the NAS creates a filter with that name that has no filter rules and authorizes
the supplicant with that filter.
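Added example (not from the Dell EMC guide): a Python check over captured show ip accounting access-list output that flags a RADIUS ACL with no rules, which is what the NAS creates for an unconfigured filter name, and a filter applied as both a user ACL and a RADIUS ACL on one interface. The sample output, the filter name guest-acl, and the way an empty RADIUS ACL is displayed are assumptions.

```python
import re

# Section header and rule formats follow the show ip accounting access-list
# output in this guide; "(Radius-ACL)" marks a RADIUS-assigned filter.
HEADER = re.compile(r"IP access list (?P<name>\S+) on (?P<rest>.+)$")
RULE = re.compile(r"^\s*seq \d+ (?:permit|deny) ")
TAG = "(Radius-ACL)"

def parse_acls(text):
    """Return one dict per ACL section: name, interface, RADIUS flag, rule count."""
    acls = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            rest = m.group("rest").strip()
            radius = rest.endswith(TAG)
            if radius:
                rest = rest[:-len(TAG)]
            # Optimized headers read "... applied on <interface>"; keep the last part.
            intf = rest.rsplit(" on ", 1)[-1].strip()
            acls.append({"name": m.group("name"), "intf": intf,
                         "radius": radius, "rules": 0})
        elif acls and RULE.match(line):
            acls[-1]["rules"] += 1
    return acls

def audit(text):
    """Flag empty RADIUS ACLs and filters used as both user and RADIUS ACL."""
    acls = parse_acls(text)
    user = {(a["intf"], a["name"]) for a in acls if not a["radius"]}
    findings = []
    for a in (x for x in acls if x["radius"]):
        if a["rules"] == 0:  # supplicant was authorized with no filter rules
            findings.append(("EMPTY_RADIUS_ACL", a["intf"], a["name"]))
        if (a["intf"], a["name"]) in user:  # the case the NOTE advises against
            findings.append(("SAME_FILTER_USER_AND_RADIUS", a["intf"], a["name"]))
    return findings

# Constructed sample; the empty guest-acl section is an assumed rendering.
SAMPLE = """DellEMC#show ip accounting access-list
!
Extended Ingress IP access list test on GigabitEthernet 1/1
seq 5 permit ip host 1.1.1.1 host 2.2.2.2
!
Extended Ingress IP access list test on GigabitEthernet 1/1(Radius-ACL)
seq 5 permit ip host 1.1.1.1 host 2.2.2.2
!
Extended Ingress IP access list guest-acl on GigabitEthernet 1/2(Radius-ACL)
"""
```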
To view the RADIUS-assigned DACL, use the show ip accounting access-list or show dot1x interface command.
show ip accounting access-list output:
DellEMC#show ip accounting access-list
!
Extended Ingress IP access list test on GigabitEthernet 1/1
Total cam count 15
seq 5 permit ip host 1.1.1.1 host 2.2.2.2
seq 6 permit ip host 4.4.4.4 host 5.5.5.5
seq 12 deny ip host 1.1.1.1 host 2.2.2.2
seq 17 permit ip host 100.0.0.1 host 150.0.0.100 count (0 packets)
seq 22 deny ip host 100.0.0.1 host 200.0.0.100 count (0 packets)
seq 27 deny ip any any count (0 packets)
seq 32 permit tcp 1.1.1.1 1.1.1.1 eq 65535 2.2.2.2 2.2.2.2 eq 65535 monitor no-drop order 254
seq 37 permit ip host 1.1.1.1 host 2.2.2.2 dscp 63 ecn 3 fragments log monitor no-drop order 254
seq 42 permit ip any host 150.0.0.100 dscp 63 ecn 3
seq 47 permit ip 100.0.0.0/28 200.0.0.0/23
seq 52 permit ip 100.0.0.0/16 any
seq 57 permit icmp host 1.1.1.1 200.0.0.0/23
seq 62 permit icmp any 200.0.0.0/27
seq 67 permit icmp host 1.1.1.1 any
seq 72 permit udp 1.1.1.1 1.1.1.1 eq 65535 2.2.2.2 2.2.2.2 eq 65535
!
Extended Ingress IP access list test1 on GigabitEthernet 1/1(Radius-ACL)
Total cam count 3
seq 5 permit ip host 10.10.10.10 host 20.20.20.20 count (0 packets)
seq 10 permit ip host 100.0.0.1 host 200.0.0.100 count (0 packets)
seq 15 deny ip host 100.0.0.1 host 111.0.0.100 count (0 packets)
!
Optimized Extended Ingress IP access list test on stack-unit 2 port_pipe 0 applied on GigabitEthernet 2/1
Total cam count 15
seq 5 permit ip host 1.1.1.1 host 2.2.2.2
seq 6 permit ip host 4.4.4.4 host 5.5.5.5
seq 12 deny ip host 1.1.1.1 host 2.2.2.2
seq 17 permit ip host 100.0.0.1 host 150.0.0.100 count (0 packets)
seq 22 deny ip host 100.0.0.1 host 200.0.0.100 count (0 packets)