https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3721574#M491494 <P><FONT face="book antiqua,palatino" size="2">Hello Experts,</FONT></P> <P><FONT face="book antiqua,palatino" size="2">I would like to push dACL from ISE to a HP Comware 5130 switch.</FONT><BR /><FONT face="book antiqua,palatino" size="2">I am really not sure how this work for HP?</FONT></P> <P><FONT face="book antiqua,palatino" size="2">I have created an authorization policy and will be using attribute, nas-filter-rule from Radius dictionary.</FONT></P> <P>&nbsp;</P> <P><FONT face="book antiqua,palatino" size="2">Is this the correct method to push a dACL to HP switch, as you know its pretty easy to push a dACL to an Cisco switch.</FONT></P> <P>&nbsp;</P> <P><FONT face="book antiqua,palatino" size="2">Any pointers?</FONT></P> Tue, 09 Oct 2018 06:53:57 GMT dgaikwad 2018-10-09T06:53:57Z https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3721574#M491494 <P><FONT face="book antiqua,palatino" size="2">Hello Experts,</FONT></P> <P><FONT face="book antiqua,palatino" size="2">I would like to push dACL from ISE to a HP Comware 5130 switch.</FONT><BR /><FONT face="book antiqua,palatino" size="2">I am really not sure how this work for HP?</FONT></P> <P><FONT face="book antiqua,palatino" size="2">I have created an authorization policy and will be using attribute, nas-filter-rule from Radius dictionary.</FONT></P> <P>&nbsp;</P> <P><FONT face="book antiqua,palatino" size="2">Is this the correct method to push a dACL to HP switch, as you know its pretty easy to push a dACL to an Cisco switch.</FONT></P> <P>&nbsp;</P> <P><FONT face="book antiqua,palatino" size="2">Any pointers?</FONT></P> Tue, 09 Oct 2018 06:53:57 GMT https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3721574#M491494 dgaikwad 2018-10-09T06:53:57Z https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3721679#M491495 <P>Hello Dinesh,&nbsp;</P> <P>Create a separate NAD profile for HP Comware switch. you can make copy of the existing profile and edit the attribute for nas-filter-rule.&nbsp;</P> <P>make sure you have the format of the acl correct.&nbsp;</P> <P>for example -&nbsp;</P> <PRE class="programlisting">Nas-filter-Rule="permit in tcp from any to any"</PRE> <P>Also, please refer this document for your reference. -&nbsp;<A href="https://community.cisco.com/t5/security-documents/hpe-wired-xml/ta-p/3643636&nbsp;" target="_blank">https://community.cisco.com/t5/security-documents/hpe-wired-xml/ta-p/3643636&nbsp;</A></P> <P>&nbsp;</P> <P>Thanks,</P> <P>Nidhi</P> Tue, 09 Oct 2018 09:06:55 GMT https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3721679#M491495 Nidhi 2018-10-09T09:06:55Z https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3721744#M491496 <P><FONT face="book antiqua,palatino" size="2">I checked and seems that this attribute has already been added to the HP dictionary.</FONT></P> <P><FONT face="book antiqua,palatino" size="2">So, I tried to run a test, seems that the ACL configured on the switch is getting applied, just that the rule that I sending via the filter-rule is not getting applied on switch.</FONT></P> <P><FONT face="book antiqua,palatino" size="2">How do I check if the ACL that I am sending via authz profile is getting applied on the switch?</FONT></P> Tue, 09 Oct 2018 11:03:00 GMT https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3721744#M491496 dgaikwad 2018-10-09T11:03:00Z https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3722377#M491497 <P>Try show ip access-lists int &lt;interface &gt;&nbsp; - This is the command on cisco switches . Not sure if this will work. but I saw some documents where this command has been used for HP switches.&nbsp;</P> <P>You will have to check in HP documents&nbsp;if this does not work.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Nidhi</P> Wed, 10 Oct 2018 04:43:25 GMT https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3722377#M491497 Nidhi 2018-10-10T04:43:25Z https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3723277#M491498 <P><FONT face="book antiqua,palatino" size="2">There is no such command on HP switch, I am referring HP document to find that out.</FONT></P> Thu, 11 Oct 2018 07:00:51 GMT https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3723277#M491498 dgaikwad 2018-10-11T07:00:51Z https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3723518#M491499 <P>You will need to research what syntax is used on HP switches</P> <P>&nbsp;</P> <P>As far as im aware the equivalent of "show" commands in IOS is "display" on HP devices</P> <P>For example</P> <P>&nbsp;</P> <P>Cisco&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HP</P> <P>show version ~ display version</P> Thu, 11 Oct 2018 11:55:27 GMT https://community.cisco.com/t5/network-access-control/push-dynamic-acl-on-a-hp-comware-5130-switch/m-p/3723518#M491499 ldanny 2018-10-11T11:55:27Z