General ACL features, planning, and configuration

These steps suggest a process for using RADIUS-assigned ACLs to establish access policies for client IP traffic.

  1. Determine the polices you want to enforce for authenticated client traffic inbound on the switch.
  2. Plan ACLs to execute traffic policies:
    1. Apply ACLs on a per-client basis where individual clients need different traffic policies or where each client must have a different username/password pair or will authenticate using MAC authentication.
    2. Apply ACLs on a client group basis where all clients in a given group can use the same traffic policy and the same username/password pair.
  3. Configure the ACLs on a RADIUS server accessible to the intended clients.
  4. Configure the switch to use the desired RADIUS server and to support the desired client authentication scheme. Options include 802.1X, web-based authentication, or MAC authentication. (Note that the switch supports the option of simultaneously using 802.1X with either web-based or MAC authentication.)
  5. Test client access on the network to ensure that your RADIUS-assigned ACL application is properly enforcing your policies.

For further information common to all IPv4 or IPv6 ACL applications, see the IPv4 configuration guide or IPv6 configuration guide for your switch.