.. _example_interfaces_ethernet_802.1x_authenticator_aaa_authorization_aclip:

######
Acl Ip
######

This scenario shows how to install custom ACLs from received
RADIUS messages (using NAS-Filter-Rule attributes and
according to RFC3588).

.. image:: acl.svg
  :width: 800

********************************
Test 802.1x NAS-Filter-Rule ACLs
********************************

Description
===========

DUT0 is configured with an 802.1x authenticated interface
and DUT1 is configured as a supplicant. Some ACLs are
configured in the authentication server to filter
incoming/outgoing traffic.

Scenario
========

.. include:: aclip/test802.1xnas-filter-ruleacls

.. raw:: html

  <hr>

****************************************
Test 802.1x NAS-Filter-Rule ACLs And CoA
****************************************

Description
===========

In this scenario, DUT1 is authenticated successfully and
some ACLs are configured. A CoA message is later received
from the authentication server that changes the configured
ACLs to drop non-ICMP traffic.

Scenario
========

.. include:: aclip/test802.1xnas-filter-ruleaclsandcoa

.. raw:: html

  <hr>