Administrator Guide

168 | Mobility Access Switch Configuration for 802.1X Authentication Dell Networking W-ClearPass Deployment Guide
LDAPServer Configuration Task
If you are using an LDAP server for user authentication, you need to configure the LDAP server on the Mobility
Access Switch, and configure user IDs and passwords.
RADIUS Server Configuration Task
If you are using a RADIUS server for user authentication, you need to configure the RADIUS server on the
Mobility Access Switch:
• For details, see Configuring Authentication with a RADIUS Server on page 166.
• For the CLI example, see Examples of Common 802.1X Configuration Tasks Via the CLI on page 176.
Configuring Access Control Lists
To provide flexibility for controlling traffic, ArubaOS in Mobility Access Switches supports multiple types of
Access Control Lists (ACLs).
• Ethertype ACL
Ethertype ACLs filter based on the Ethertype field in the frame header. Ethertype ACLs can be either named
or numbered, with valid numbers in the range from 200 to 299. These ACLs can be used to permit IP while
blocking non-IP protocols, such as IPX or AppleTalk.
• MAC ACL
MAC ACLs filter traffic on a specific source MAC address or range of MAC addresses. MAC ACLs can be
either named or numbered, with valid numbers in the range from 700 to 799 and 1200 to 1299.
• Standard IP ACL
Standard ACLs permit or deny traffic based on the source IP address of the packet. Standard ACLs can be
either named or numbered, with valid numbers in the range from 1 to 99 and 1300 to 1399. Standard
ACLs use a bit-wise mask to specify the portion of the source IP address to be matched.
• Extended IP ACL
Extended ACLs permit or deny traffic based on the source or destination IP address, or the IP protocol.
Extended ACLs can be named or numbered, with valid numbers in the range from 100 to 199 and 2000 to
2699.
• Stateless ACL
Stateless ACLs define stateless packet filtering and quality of service (QoS). A stateless ACL statically
evaluates packet contents. The traffic in the reverse direction is allowed unconditionally.
Note that you can use names only when configuring stateless ACLs.
Configuring a Stateless ACL
To configure a stateless ACL:
(DellSwitch)(config) #ip access-list stateless STATELESS
(DellSwitch)(config-stateless-STATELESS)#any host 192.16.0.100 tcp 0 65535 permit
Applying a Stateless ACL on a Physical Interface
To apply a stateless ACL on a physical interface:
(DellSwitch) (config) #interface gigabitethernet 0/0/8
(DellSwitch) (gigabitethernet "0/0/8") #ip access-group in STATELESS
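An added example, not from the Dell guide: a small Python model of the stateless rule configured above, which parses the rule text, evaluates inbound packets against it, and reports how broad the permit is. The any/host keyword subset, first-match ordering and the deny when nothing matches are assumptions of this model.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "src dst proto ports action")  # ports: range of dst ports
ANY = ipaddress.ip_network("0.0.0.0/0")

def _addr(tok):
    # Assumed subset of the address syntax: "any" or "host <ip>".
    kind = tok.pop(0)
    if kind == "any":
        return ANY
    if kind == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError(f"unsupported address keyword: {kind}")

def parse_rule(line):
    """Parse '<src> <dst> <proto> [<low> <high>] <action>' (layout of the guide's rule)."""
    tok = line.split()
    try:
        src, dst, proto = _addr(tok), _addr(tok), tok.pop(0)
        ports = range(0, 65536)
        if proto in ("tcp", "udp"):
            low, high = int(tok.pop(0)), int(tok.pop(0))
            ports = range(low, high + 1)
        elif proto != "any":
            raise ValueError(f"unsupported protocol: {proto}")
        action = tok.pop(0)
    except IndexError:
        raise ValueError(f"truncated rule: {line!r}") from None
    if tok or action not in ("permit", "deny") or not ports or ports.start < 0 or ports.stop > 65536:
        raise ValueError(f"malformed rule: {line!r}")
    return Rule(src, dst, proto, ports, action)

def evaluate(rules, src, dst, proto, dport):
    """First match wins; no match is treated as deny (assumption, not from the guide)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.proto in (proto, "any") and dport in r.ports:
            return r.action
    return "deny"

def audit(rule):
    """Findings for a permit rule that is broader than a single service."""
    if rule.action != "permit":
        return []
    checks = [(len(rule.ports) == 65536, "all ports"), (rule.src == ANY, "any source")]
    return [msg for hit, msg in checks if hit]

GUIDE_RULE = parse_rule("any host 192.16.0.100 tcp 0 65535 permit")
```

For the guide's rule, audit(GUIDE_RULE) reports both findings: tcp 0 65535 covers every TCP port on 192.16.0.100 from any source arriving on the interface where the ACL is applied.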
Applying a Stateless ACL to a User Role
To apply a stateless ACL to a user role: