Explicitly denying inbound traffic from an authenticated client
Any of the following three options for ending a RADIUS-assigned ACL explicitly deny all of the client's inbound IPv4 and IPv6 traffic not previously permitted or denied.
Nas-filter-Rule += deny in ip from any to any
HP-Nas-Filter-Rule += deny in ip from any to any
Nas-filter-Rule += deny in ip from any to any HP-Nas-Rules-IPv6=2