10-08-2018 07:06 AM
Support for dACL on HP 5130 switches
Hi Experts,
I am running the following:
<NAC-5130-2>dis version
HPE Comware Software, Version 7.1.070, Release 3208P03
Copyright (c) 2010-2017 Hewlett Packard Enterprise Development LP
HPE 5130 48G PoE+ 4SFP+ EI Switch uptime is 6 weeks, 5 days, 22 hours, 13 minutes
Last reboot reason : User reboot
Boot image: flash:/5130ei-cmw710-boot-r3208p03.bin
Boot image version: 7.1.070, Release 3208P03
Compiled Dec 14 2017 18:00:00
System image: flash:/5130ei-cmw710-system-r3208p03.bin
System image version: 7.1.070, Release 3208P03
Compiled Dec 14 2017 18:00:00
Slot 1:
Uptime is 6 weeks,5 days,22 hours,13 minutes
5130-48G-PoE+-4SFP+ (370W) EI JG937A with 1 Processor
BOARD TYPE: 5130-48G-PoE+-4SFP+ (370W) EI JG937A
DRAM: 1024M bytes
FLASH: 512M bytes
PCB 1 Version: VER.B
Bootrom Version: 147
CPLD 1 Version: 002
Release Version: HPE 5130 48G PoE+ 4SFP+ EI JG937A-3208P03
Patch Version : None
Reboot Cause : UserReboot
[SubSlot 0] 48GE+4SFP Plus
We are implementing a Cisco NAC solution, and there is a use case where we would be pushing a dACL from the Cisco NAC solution to the switch.
To test this out I tried to push a dACL using the nas-filter-rule as well as HP-Nas-filter-Rule.
Cisco NAC pushed the rule from the attribute using the Authz Profile, but there was nothing seen on the switch.
How do I check if the dACL has been pushed to the switch?
Or does this model and version of switch and OS not support dACL?
Any pointers much appreciated.
10-09-2018 06:26 AM
Re: Support for dACL on HP 5130 switches
Hello
You can specify an ACL for an 802.1X user to control its access to network resources. After the user
passes 802.1X authentication, the authentication server assigns the ACL to the access port to filter traffic
from this user. The authentication server can be the local access device or a RADIUS server. In either case,
you must configure the ACL on the access device.
To ensure a successful ACL assignment, make sure the ACL does not contain rules that match source MAC addresses.
10-12-2018 03:12 AM
Re: Support for dACL on HP 5130 switches
Is there an option that I can use to push any additional ACL using the RADIUS server, as you can do in the case of Aruba switches?
Configured this way on Cisco NAC:
As I can see here in this output:
2930F-VSF# show port-access authenticator clients ethernet 1/5 detailed
Port Access Authenticator Client Status Detailed
Port-access authenticator activated [No] : Yes
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No
Use LLDP data to authenticate [No] : No
Client Base Details :
Port : 1/5
Client Status : Authenticated Session Time : 15 seconds
Client name : enguyend Session Timeout : 0 seconds
IP : 10.226.236.26 MAC Address : 28d244-7d16b6
Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : 40 Out Limit Kbps : Not Set
Tagged VLANs : No Tagged VLANs
Port Mode : 1000FDx
RADIUS ACL List :
deny in ip from any to 10.70.195.18
permit in ip from any to any
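
One way to check mechanically that the rules the RADIUS server was configured to send are the ones the switch applied, using the Aruba output format quoted above. This is an added example, not part of the thread; the function names are hypothetical and the sample is that output trimmed to the relevant lines.

```python
import re

# Sample input: the 2930F output from the thread, trimmed to the relevant lines.
SAMPLE = """\
Client Base Details :
Port : 1/5
Client Status : Authenticated Session Time : 15 seconds
IP : 10.226.236.26 MAC Address : 28d244-7d16b6
Access Policy Details :
Untagged VLAN : 40 Out Limit Kbps : Not Set
RADIUS ACL List :
deny in ip from any to 10.70.195.18
permit in ip from any to any
"""

RULE_RE = re.compile(r"^(permit|deny)\s+in\s+", re.I)

def _norm(rule):
    """Collapse whitespace and case so comparisons ignore formatting."""
    return " ".join(rule.split()).lower()

def parse_radius_acl(output):
    """Return the rules under 'RADIUS ACL List :' in the order shown."""
    rules, in_list = [], False
    for line in output.splitlines():
        line = _norm(line)
        if line.startswith("radius acl list"):
            in_list = True
        elif in_list and RULE_RE.match(line):
            rules.append(line)
        elif in_list and line:
            break  # first non-rule line ends the list
    return rules

def check_dacl(output, expected):
    """Compare the applied rules with the rules the RADIUS server should send."""
    applied = parse_radius_acl(output)
    want = [_norm(r) for r in expected]
    status = re.search(r"Client Status\s*:\s*(\S+)", output)
    return {
        "authenticated": bool(status) and status.group(1) == "Authenticated",
        "missing": [r for r in want if r not in applied],
        "unexpected": [r for r in applied if r not in want],
        # Rules are evaluated in order, so a reordered list is a different policy.
        "order_ok": applied == want,
    }

if __name__ == "__main__":
    sent = ["deny in ip from any to 10.70.195.18", "permit in ip from any to any"]
    print(check_dacl(SAMPLE, sent))
```

An authenticated session with every expected rule reported as missing is the symptom described in the first post: authentication succeeded but no RADIUS-assigned ACL was applied.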