This template adds an ACL (Access Control List) to an edge port when a video camera connects.
The profile configures and applies an ACL onto a switch port when a user authenticates. This ACL blocks a particular IP address from accessing the video camera and assigns the user to QoS (Quality of Service) profile 7.
#*********************************************** # Last Updated: March 9, 2007 # Tested Devices: Dlink DCS 1110 # Requirements: netlogin configured and enabled on deployment ports #*********************************************** # @MetaDataStart # @ScriptDescription "This is a template for configuring the switch for the right environment for this webcam. It creates a dynamic access-list to restrict access" # @Description "VLAN name to add to port" # set var vlan1 voiceavaya # @VariableFieldLabel "Set QoS Profile (yes or no)" # set var setQuality yes # @Description "QoS Profile (0-100)" # set var lowbw 50 # @VariableFieldLabel "QoS MAX Bandwidth (0-100)" # set var highbw 100 # @MetaDataEnd ################################## # Start of USER-AUTHENTICATE block ################################## if (!$match($EVENT.NAME,USER-AUTHENTICATED)) then ############ #QoS Profile ############ # Adds a QOS profile to the port # if (!$match($setQuality,yes)) then # create log message Config_QOS # configure port $EVENT.USER_PORT qosprofile qp7 # configure qosprofile qp7 minbw $lowbw maxbw $highbw ports $EVENT.USER_PORT # endif # ############ #ACL Section ############ # Adds an ACL to stop traffic to a particular address create log message Config_ACL create access-list webcamblock "destination-address 192.168.10.220/32" "deny" configure access-list add webcamblock first port $EVENT.USER_PORT #endif # endif ################################ # End of USER-AUTHENTICATE block ################################ # # #################################### # Start of USER-UNAUTHENTICATE block #################################### if (!$match($EVENT.NAME,USER-UNAUTHENTICATED)) then # create log message Starting_8021x_Generic_UNATUH_Module_Config # if (!$match($setQuality,yes)) then # create log message UNConfig_QOS # unconfig qosprofile ports $EVENT.USER_PORT # endif # unconfigure inline-power operator-limit ports $EVENT.USER_PORT #### remove acl configure access-list delete webcamblock port $EVENT.USER_PORT delete access-list webcamblock endif ################################## # End of USER-UNAUTHENTICATE block ################################## create log message End_802_1x_Generic_Module_Config
Print
this page
Email this topic
Feedback
View PDF
Download EPUB