10-08-2018 07:06 AM
Support for dACL on HP 5130 switches
Hi Experts,
I am running the following:
<NAC-5130-2>dis version
HPE Comware Software, Version 7.1.070, Release 3208P03
Copyright (c) 2010-2017 Hewlett Packard Enterprise Development LP
HPE 5130 48G PoE+ 4SFP+ EI Switch uptime is 6 weeks, 5 days, 22 hours, 13 minutes
Last reboot reason : User reboot
Boot image: flash:/5130ei-cmw710-boot-r3208p03.bin
Boot image version: 7.1.070, Release 3208P03
Compiled Dec 14 2017 18:00:00
System image: flash:/5130ei-cmw710-system-r3208p03.bin
System image version: 7.1.070, Release 3208P03
Compiled Dec 14 2017 18:00:00
Slot 1:
Uptime is 6 weeks,5 days,22 hours,13 minutes
5130-48G-PoE+-4SFP+ (370W) EI JG937A with 1 Processor
BOARD TYPE: 5130-48G-PoE+-4SFP+ (370W) EI JG937A
DRAM: 1024M bytes
FLASH: 512M bytes
PCB 1 Version: VER.B
Bootrom Version: 147
CPLD 1 Version: 002
Release Version: HPE 5130 48G PoE+ 4SFP+ EI JG937A-3208P03
Patch Version : None
Reboot Cause : UserReboot
[SubSlot 0] 48GE+4SFP Plus
We are implementing a Cisco NAC solution and there is a use case where we would be pushing a dACL from the Cisco NAC solution to the switch.
To test this out, I tried to push a dACL using the nas-filter-rule as well as HP-Nas-filter-Rule.
Cisco NAC pushed the rule from the attribute using the Authz Profile, but there was nothing seen on the switch.
How do I check if the dACL has been pushed on the switch?
Or does this model and version of switch and OS not support dACL?
Any pointers much appreciated.
10-09-2018 06:26 AM
Re: Support for dACL on HP 5130 switches
Hello
You can specify an ACL for an 802.1X user to control its access to network resources. After the user
passes 802.1X authentication, the authentication server assigns the ACL to the access port to filter traffic
from this user. The authentication server can be the local access device or a RADIUS server. In either case,
you must configure the ACL on the access device.
To ensure a successful ACL assignment, make sure the ACL does not contain rules that match source MAC
addresses.
10-12-2018 03:12 AM
Re: Support for dACL on HP 5130 switches
Is there an option that I can use to push any additional ACL using the RADIUS server, as you can do in the case of Aruba switches?
Configured this way on Cisco NAC:
As I can see here in this output:
2930F-VSF# show port-access authenticator clients ethernet 1/5 detailed
Port Access Authenticator Client Status Detailed
Port-access authenticator activated [No] : Yes
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No
Use LLDP data to authenticate [No] : No
Client Base Details :
Port : 1/5
Client Status : Authenticated Session Time : 15 seconds
Client name : enguyend Session Timeout : 0 seconds
IP : 10.226.236.26 MAC Address : 28d244-7d16b6
Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : 40 Out Limit Kbps : Not Set
Tagged VLANs : No Tagged VLANs
Port Mode : 1000FDx
RADIUS ACL List :
deny in ip from any to 10.70.195.18
permit in ip from any to any
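
Added example, not part of the original thread: a small Python check that parses the `show port-access authenticator clients ... detailed` output quoted above and compares its RADIUS ACL List with the rules the RADIUS server was configured to send. The sample text is constructed from that output and the function names are hypothetical; it covers only the 2930F output format shown here, not Comware.

```python
import re

# Added example; names are hypothetical. SAMPLE is constructed from the output quoted in the thread.
SAMPLE = """\
2930F-VSF# show port-access authenticator clients ethernet 1/5 detailed
 Client Base Details :
  Port            : 1/5
  Client Status   : Authenticated       Session Time    : 15 seconds
 Access Policy Details :
  Untagged VLAN   : 40                  Out Limit Kbps  : Not Set
  Port Mode       : 1000FDx
  RADIUS ACL List :
    deny in ip from any to 10.70.195.18
    permit in ip from any to any
"""

RULE_RE = re.compile(r"^(permit|deny)\s+in\s+\S+\s+from\s+\S+\s+to\s+\S+", re.I)

def parse_client(text):
    """Return port, status and the ordered RADIUS ACL rules from the CLI text."""
    info = {"port": None, "status": None, "acl": []}
    in_acl = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_acl:
            if RULE_RE.match(line):
                info["acl"].append(" ".join(line.lower().split()))
                continue
            in_acl = False  # first non-rule line ends the list
        if line.startswith("RADIUS ACL List"):
            in_acl = True
        elif m := re.match(r"Port\s*:\s*(\S+)", line):
            info["port"] = m.group(1)
        elif m := re.match(r"Client Status\s*:\s*(\S+)", line):
            info["status"] = m.group(1)
    return info

def check_dacl(text, expected_rules):
    """Compare applied rules with what the RADIUS server was configured to send."""
    info = parse_client(text)
    want = [" ".join(r.lower().split()) for r in expected_rules]
    problems = []
    if info["status"] != "Authenticated":
        problems.append("client not authenticated")
    if not info["acl"]:
        problems.append("no RADIUS ACL applied")
    elif info["acl"] != want:  # rule order is significant, so compare as lists
        problems.append("applied ACL differs from expected")
    return info, problems
```
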