RADIUS-assigned (dynamic) port ACL applications

Dynamic (RADIUS-assigned) port ACLs are configured on RADIUS servers and can be configured to filter IPv4 and IPv6 traffic inbound from clients authenticated by such servers. For example, in Figure 5: Example of VACL filter applications on IPv6 traffic entering the switch, client "A" connects to a given port and is authenticated by a RADIUS server. Because the server is configured to assign a dynamic ACL to the port, the IPv4 and IPv6 traffic inbound on the port from client "A" is filtered. See also Operating notes for IPv6 applications.

NOTE:

Beginning with software release K.14.01, IPv6 support is available for RADIUS-assigned port ACLs configured to filter inbound IPv4 and IPv6 traffic from an authenticated client. Also, the implicit deny in RADIUS-assigned ACLs applies to both IPv4 and IPv6 traffic inbound from the client. For information on enabling RADIUS-assigned ACLs, see chapter "Configuring RADIUS Support for Switch Services" in this guide.