3Com 5500-SI User Manual
Chapter 24: Dynamically Apply ACL by RADIUS Server Configuration
Configuration Example
This section contains a configuration example.
Network requirements
The switch implements the Dynamically Apply ACL by RADIUS Server function for the
access users.
The IP address of the VLAN interface, which connects the switch and the RADIUS
Server, is 10.153.1.1.
The encryption key of the NAS (that is, the switch) is aaaa.
The user name is test and the authentication password is test. The user accesses the
network through Ethernet1/0/1 of the switch and belongs to the test163.net domain. The
corresponding ACL is ACL 3000, and the content of ACL 3000 is to forbid the user from
accessing 10.153.1.0/24.
The IP address of the user PC is 10.153.1.9.
Shiva Access Manager is used as the RADIUS server; the IP address of the server is
10.153.1.2. Note that Shiva uses ports 1645 and 1646 as the authentication and
accounting port numbers.
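The following Python example is added here and is not part of the 3Com manual. It builds the RADIUS Access-Request that a NAS with the values above (key aaaa, user test, password test, NAS address 10.153.1.1) would send to the server's authentication port, showing how the key hides the User-Password attribute (RFC 2865). Sending User-Name without the domain suffix and the fixed authenticator bytes are assumptions made for the example.

```python
import hashlib
import struct

SECRET = b"aaaa"                 # "encryption key of the NAS" from the requirements
NAS_IP = bytes([10, 153, 1, 1])  # switch VLAN interface address from the requirements

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    n = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(n, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, n, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the masking using the same shared key."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def attr(type_: int, value: bytes) -> bytes:
    return struct.pack("!BB", type_, len(value) + 2) + value

def build_access_request(ident: int, authenticator: bytes, user: bytes, password: bytes) -> bytes:
    """Access-Request (code 1): User-Name (1), User-Password (2), NAS-IP-Address (4)."""
    attrs = (attr(1, user)  # assumption: name sent without "@test163.net"
             + attr(2, hide_password(password, SECRET, authenticator))
             + attr(4, NAS_IP))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    attrs, pos = {}, 20          # attributes follow the 20-byte header
    while pos < len(packet):
        t, length = packet[pos], packet[pos + 1]
        if length < 2:
            raise ValueError("malformed attribute length")
        attrs[t] = packet[pos + 2:pos + length]
        pos += length
    return attrs

if __name__ == "__main__":
    auth = bytes(range(16))      # constructed; a real NAS uses 16 random bytes
    a = parse_attributes(build_access_request(1, auth, b"test", b"test"))
    print(a[2].hex(), unhide_password(a[2], SECRET, auth))
```

The password is recoverable only with the same key on both ends, so a mismatch between the switch and the server makes authentication fail, and the key's strength is the only protection for the password in transit.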
Network diagram
Figure 149 QoS configuration example
[Figure: network diagram showing the AAA Server, Switch, User, and Network]