.. _example_interfaces_ethernet_authenticator_aaa_authorization_aclip:
######
Acl Ip
######
.. sidebar:: Contents
.. contents::
:depth: 2
:local:
This scenario shows how to install custom ACLs from received
RADIUS messages (using "NAS-Filter-Rule" attributes and
according to RFC3588).
.. image:: acl.svg
:width: 400
********************************
Test 802.1x NAS-Filter-Rule ACLs
********************************
Description
===========
DUT0 is configured with an 802.1x-authenticated interface
and DUT1 is configured as a supplicant. Some ACLs are
configured in the authentication server to filter
incoming/outgoing traffic.
Scenario
========
.. include:: aclip/test802.1xnas-filter-ruleacls
.. raw:: html
****************************************
Test 802.1x NAS-Filter-Rule ACLs And CoA
****************************************
Description
===========
In this scenario, DUT1 is properly authenticate and
some ACLs are configured. A CoA message is later received
from the authentication server that changes the configured
ACLs to drop non-ICMP traffic.
Scenario
========
.. include:: aclip/test802.1xnas-filter-ruleaclsandcoa
.. raw:: html
*****************************
Test MAB NAS-Filter-Rule ACLs
*****************************
Description
===========
DUT0 is configured with a MAB-authenticated interface.
Some ACLs are configured in the authentication server to
filter incoming/outgoing traffic based on NAS-Filter-Rule
attributes received after MAC authentication.
Scenario
========
.. include:: aclip/testmabnas-filter-ruleacls
.. raw:: html
*************************************
Test MAB NAS-Filter-Rule ACLs And CoA
*************************************
Description
===========
In this scenario, DUT1 is authenticated via MAC address
and some ACLs are configured. A CoA message is later
received from the authentication server that changes the
configured ACLs to drop non-ICMP traffic.
Scenario
========
.. include:: aclip/testmabnas-filter-ruleaclsandcoa
.. raw:: html