MSM7xx Controllers Configuration Guide v6.4.0
For more information see Colubris AV-Pair keyword
primary-dnat-server-status-url
secondary-dnat-server-status-url
Access list
Access lists enable you to create public areas on your network that all users can browse, and
protected areas that are restricted to specific user accounts or groups.
Each access list is a set of rules that governs how the controller controls access to network resources.
You can create multiple access lists, each with multiple rules to manage the traffic on your public
access network.
Default setting
By default no access lists are defined. This means that:
• If authentication (802.1X, WPA, HTML, MAC) is not enabled on a VSC, all users that connect
to the VSC have access to the protected network.
• If authentication (802.1X, WPA, HTML, MAC) is enabled on a VSC, then:
◦ Unauthenticated users only reach the public access login page. Access to the protected
network is blocked, except for register.procurve.com which enables product registration.
◦ Authenticated users have access to the protected network.
How the access lists work
Access lists can be applied on the controller (site access lists), in which case they affect all user
traffic, or individually for each user account (user access lists).
Incoming traffic cascades through the currently active lists. Traffic that is accepted or denied by a
list is not available to the list that follows it. Traffic that passes through all lists without being accepted
or denied is dropped.
• Access list rules that accept traffic are: ACCEPT, ACCEPT-MORE, DNAT-SERVER, and
REDIRECT.
• Access list rules that deny traffic are: DENY and WARN.
The following diagram illustrates how incoming traffic from a user session is processed by the
access list mechanism.
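The cascade described above can be modeled as a small evaluator. This is an added example, not code or syntax from the guide. The rule tuple format, first-match ordering within a list, the order in which the lists are evaluated, and all list names and addresses are assumptions made for illustration.

```python
import ipaddress

# Classification taken from the guide: which rule actions accept and which deny.
ACCEPTING = {"ACCEPT", "ACCEPT-MORE", "DNAT-SERVER", "REDIRECT"}
DENYING = {"DENY", "WARN"}

def rule_matches(rule, proto, dst_ip, dst_port):
    """Hypothetical matcher: rule = (action, proto, network, port); 'all' is a wildcard."""
    _, r_proto, r_net, r_port = rule
    if r_proto != "all" and r_proto != proto:
        return False
    if r_port != "all" and r_port != dst_port:
        return False
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(r_net)

def evaluate(active_lists, proto, dst_ip, dst_port):
    """Cascade traffic through the active lists in the order given.

    Returns (verdict, list_name, action). The first list that accepts or denies
    the traffic ends the cascade, so later lists never see that traffic.
    Traffic that no list accepts or denies is dropped.
    """
    for name, rules in active_lists:
        for rule in rules:
            action = rule[0]
            if action not in ACCEPTING | DENYING:
                raise ValueError(f"unknown action {action!r} in list {name!r}")
            if rule_matches(rule, proto, dst_ip, dst_port):
                verdict = "accepted" if action in ACCEPTING else "denied"
                return verdict, name, action
    return "dropped", None, None

# Constructed sample lists (names, addresses and ordering are illustrative only).
SITE = ("site-public", [
    ("ACCEPT", "tcp", "192.0.2.10/32", 80),    # public web server open to all users
    ("DENY", "all", "10.0.0.0/8", "all"),      # internal range blocked in this list
])
USER = ("user-staff", [
    ("ACCEPT", "tcp", "10.1.2.0/24", 443),     # never reached when SITE runs first
    ("ACCEPT", "tcp", "198.51.100.0/24", 443),
])
ACTIVE = [SITE, USER]

if __name__ == "__main__":
    for pkt in [("tcp", "10.1.2.5", 443), ("udp", "203.0.113.1", 53)]:
        print(pkt, "->", evaluate(ACTIVE, *pkt))
```

When reviewing a rule set, check for accept rules in a later list that an earlier list has already denied (or the reverse), since they have no effect in that order.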










