
Can 3Com 4500 ACL + port-security work together?

 
machiAWS
Occasional Contributor


Hi,

 

Is it possible for 3Com 4500 ACL + port-security to work together?

 

I want to use an ACL to control which IPs can access the port, and port-security to limit the maximum number of MACs that can come across the port. Disable the port otherwise.

 

Individually, either port-security or the ACL works. However, when I did a test with a configuration like the following:

 

Problem:

- An IP address which is not listed in the ACL can get across the port

 

Seeking any advice here. Thanks!

 

#
 port-security enable
 port-security timer disableport 30
#
acl number 3001
 rule 0 deny IP
 rule 1 permit IP source 192.168.40 0
 rule 2 permit IP source 192.168.41 0
 rule 3 permit IP source 192.168.43 0
#
interface Ethernet1/0/19
 port-security max-mac-count 3
 port-security port-mode autolearn
 port-security intrusion-mode disableport-temporarily
 mac-address security 0d0c-29gd-01fc vlan 1
 mac-address security 0d0c-29c3-2845 vlan 1
 mac-address security 7ccc-cb4e-59f4 vlan 1
 packet-filter inbound ip-group 3001 rule 0
 packet-filter inbound ip-group 3001 rule 1
 packet-filter inbound ip-group 3001 rule 2
 packet-filter inbound ip-group 3001 rule 3
#

 

P.S. This thread has been moved from Switches, Hubs, Modems (Legacy ITRC forum) to Comware-Based. -HP Forum Moderator

 

1 REPLY
Graham Hurst
Advisor

Re: Can 3Com 4500 ACL + port-security work together?

This is not a feature that is supported by the 4500 series switches, but is by the 5500 series. To apply dynamic ACLs, you need to define qos-profiles (that in turn reference packet-filters), ensure no qos-profiles or packet-filters are statically set on the port and use the Filter-Id RADIUS AVP to return the desired qos-profile's name in the Access-Accept.

 

Sorry!