D-Link DGS-1520 Dgs-1210 Smart Managed Gigabit Switches

User Manual - Page 594

For DGS-1520.

PDF File Manual, 598 pages

DGS-1520 Series Gigabit Ethernet Smart Managed Switch Web UI Reference Guide
does not configure the VLAN attributes, when the port is not a guest VLAN member, it will be kept in its current authentication VLAN, and when the port is a guest VLAN member, it will be assigned to its original VLAN.
To assign the ACL by the RADIUS server, the proper parameters should be configured on the RADIUS server. The
table below shows the parameters for an ACL.
VSA14 ACL Script
The parameters of the Vendor-Specific Attribute are:
| RADIUS Tunnel Attribute | Description | Value | Usage |
|---|---|---|---|
| Vendor-ID | Defines the vendor. | 171 (DLINK) | Required |
| Vendor-Type | Defines the attribute. | 14 (for ACL script) | Required |
| Attribute-Specific Field | Used to assign the ACL script. The format is based on Access Control List (ACL) Commands. | ACL Script. For example: ip access-list a1;permit host 10.90.90.100;exit; mac access-list extended m1;permit host 00-00-00-01-90-10 any; exit; | Required |
If the user has configured the ACL attribute of the RADIUS server (for example, ACL script: ip access-list a1;permit host 10.90.90.100;exit; mac access-list extended m1;permit host 00-00-00-01-90-10 any; exit;), and the 802.1X, MAC-based Access Control, JWAC or WAC authentication is successful, the device will assign the ACL script according to the RADIUS server. The commands that enter and exit Access-List Configuration Mode must be paired; otherwise the ACL script will be rejected. For more information about the ACL module, please refer to the Access Control List (ACL) Commands chapter.
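A pre-deployment check for the pairing rule above, as an added example that is not part of the D-Link manual: it lints an ACL script for unmatched enter/exit commands and packs it as a Vendor-Specific attribute. It assumes only the two access-list forms shown in the manual's example and the RFC 2865 recommended vendor sub-attribute layout; the function names are hypothetical.

```python
import struct

DLINK_VENDOR_ID = 171   # Vendor-ID from the table above
ACL_SCRIPT_TYPE = 14    # Vendor-Type from the table above
# Assumption: only the two "enter" forms shown in the manual's example are recognised.
ENTER_PREFIXES = ("ip access-list ", "mac access-list extended ")

def lint_acl_script(script):
    """Return a list of pairing problems; an empty list means every enter has its exit."""
    problems, current = [], None
    commands = [c.strip() for c in script.split(";") if c.strip()]
    for pos, cmd in enumerate(commands, start=1):
        if cmd.startswith(ENTER_PREFIXES):
            if current is not None:
                problems.append(f"command {pos}: '{cmd}' entered before exit of '{current}'")
            current = cmd
        elif cmd == "exit":
            if current is None:
                problems.append(f"command {pos}: exit without a matching access-list")
            current = None
        elif current is None:
            problems.append(f"command {pos}: '{cmd}' is outside any access-list")
    if current is not None:
        problems.append(f"'{current}' is never closed with exit")
    return problems

def encode_vsa14(script):
    """Pack a linted script as a RADIUS Vendor-Specific attribute (type 26)."""
    # Assumption: vendor data uses the RFC 2865 recommended layout
    # (vendor type, vendor length, string) after the 4-octet Vendor-ID.
    problems = lint_acl_script(script)
    if problems:
        raise ValueError("; ".join(problems))
    data = script.encode("ascii")
    if len(data) > 247:  # 255-octet attribute limit minus 8 octets of headers
        raise ValueError("script does not fit in one RADIUS attribute")
    header = struct.pack("!BBIBB", 26, 8 + len(data), DLINK_VENDOR_ID,
                         ACL_SCRIPT_TYPE, 2 + len(data))
    return header + data

# The script from the manual's example, and a constructed variant missing its last exit.
GOOD = ("ip access-list a1;permit host 10.90.90.100;exit; "
        "mac access-list extended m1;permit host 00-00-00-01-90-10 any; exit;")
BAD = ("ip access-list a1;permit host 10.90.90.100;exit; "
       "mac access-list extended m1;permit host 00-00-00-01-90-10 any;")

if __name__ == "__main__":
    print(lint_acl_script(GOOD), lint_acl_script(BAD))
    print(encode_vsa14(GOOD).hex())
```
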
NAS-Filter-Rule (92)
The table below shows the parameters for NAS-Filter-Rule:
| RADIUS Tunnel Attribute | Description | Value | Usage |
|---|---|---|---|
| NAS-Filter-Rule | This attribute indicates the filter rules to be applied for the user. | A string (concatenating the individual filter rules, separated by a NULL (0x00) octet) | Required |
Filter Rule Format
Use the permit command to add a permit entry. Use the deny command to add a deny entry.
{permit | deny} in tcp from any to {any | DST-IP-ADDR | DST-IP-NET-ADDR | DST-IPV6-ADDR | DST-IPV6-NET-ADDR} [TCP-PORT-RANGE]
{permit | deny} in udp from any to {any | DST-IP-ADDR | DST-IP-NET-ADDR | DST-IPV6-ADDR | DST-IPV6-NET-ADDR} [UDP-PORT-RANGE]
{permit | deny} in icmp from any to {any | DST-IP-ADDR | DST-IP-NET-ADDR | DST-IPV6-ADDR | DST-IPV6-NET-ADDR} [ICMP-TYPE]
{permit | deny} in ip from any to {any | DST-IP-ADDR | DST-IP-NET-ADDR | DST-IPV6-ADDR | DST-IPV6-NET-ADDR}
{permit | deny} in IP-PROT-VALUE from any to {any | DST-IP-ADDR | DST-IP-NET-ADDR | DST-IPV6-ADDR | DST-IPV6-NET-ADDR}
Parameters
| Parameter | Description |
|---|---|
| in | Specifies the ingress traffic. |