Example Dynamic ACL VSA String
This example shows adding two rules as part of Access-Accept
operation.
Extreme-Policy-ACL = "v:1 t:a m:ipv4src=1.2.3.4/32,ipv4dst=2.4.6.8/32,ipproto=tcp,l4srcport=4321/16,l4dstport=9876/16 a:fwd,sys,cos=4,mir=2"
Extreme-Policy-ACL += "v:1 t:a m:ipv4src=1.2.3.6/32,ipv4dst=2.4.6.8/32,ipproto=tcp,l4srcport=4321/16,l4dstport=9876/16 a:fwd,sys,cos=4,mir=2"
Extreme-Policy-ACL += "v:1 t:a,r m:ipv4src=1.2.3.6/32,ipv4dst=2.4.6.8/32,ipproto=tcp,l4srcport=101-200,l4dstport=201-300 a:fwd,sys,cos=4,mir=2"
This example shows the application of dacl in multiauth, if the dot1x
session needs coa,
echo:
Calling-Station-ID = <session-mac-hyponated>, NAS-IP-Address = <switch-ip>, Tunnel-Medium-Type = IEEE-802, Tunnel-Type = VLAN, Tunnel-Private-Group-ID = 101, Enterasys-Auth-Client-Type = 802.1X, Filter-Id = Default" | radclient -x -r 1 <switch-ip>:3799 coa secret