Dynamically applying existing ACLs or MAC ACL

When a port is authenticated using 802.1X security, an IP ACL or MAC ACL that exists in the running configuration on the device can be dynamically applied to the port. To do this, you configure the Filter-ID (type 11) attribute on the RADIUS server. The Filter-Id attribute specifies the name of the IP ACL or MAC ACL.

The following table shows the syntax for configuring the Filter-Id attribute to refer to an IP ACL or MAC ACL.

Table 1. Syntax for Filter-Id attribute

Value

Description

ip.name.in

Applies the specified named ACL to the 802.1X authenticated port in the inbound direction.

ip.name.out

Applies the specified named ACL to the 802.1X authenticated port in the outbound direction.

mac.name.in

Applies the specified MAC ACL to the 802.1X authenticated port in the inbound direction.

Note

Note