ONEPolicy Dynamic ACLs at Authentication

This feature expands on the existing ability to use ONEPolicy dynamic access control lists (ACLs) by implementing them with Access-Accept responses, in addition to the previous ability to apply them with Change of Authorization (CoA).

The dynamic policy ACL feature uses the existing RADIUS Access-Accept and change of authorization (CoA) mechanism to override existing policy rules associated with a user by including a new vendor specific attribute (VSA) in the CoA and Access-Accept. When a CoA request or Access-Accept response to apply a particular set of match conditions and actions (or an action-set) is received, a look-up is performed to determine which policy profile the specified user was authenticated in, and the action-set ID specified in the CoA/Access-Accept is applied in that user‘s profile.

Supported Platforms

ExtremeSwitching X450-G2, X460-G2, X670-G2, X440-G2, X465, X590, X620, X690, X695, X870, 5520 series switches.

Limitations