10-08-2018 11:53 PM
Hello Experts,
I would like to push dACL from ISE to a HP Comware 5130 switch.
I am really not sure how this works for HP.
I have created an authorization policy and will be using the attribute nas-filter-rule from the Radius dictionary.
Is this the correct method to push a dACL to an HP switch? As you know, it's pretty easy to push a dACL to a Cisco switch.
Any pointers?
10-09-2018 02:06 AM
Hello Dinesh,
Create a separate NAD profile for the HP Comware switch. You can make a copy of the existing profile and edit the attribute for nas-filter-rule.
Make sure you have the format of the ACL correct.
For example -
Nas-filter-Rule="permit in tcp from any to any"
Also, please refer to this document for your reference - https://community.cisco.com/t5/security-documents/hpe-wired-xml/ta-p/3643636
Thanks,
Nidhi
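A syntax check for the rule string before it goes into the authorization profile, as an added example that is not from the posters, ISE or HP. It covers a subset of the IPFilterRule grammar (RFC 6733, section 4.3.1) that RFC 4849 reuses for NAS-Filter-Rule; accepting the protocol names tcp/udp/icmp is an assumption, and whether Comware honours every construct is not checked.

```python
import ipaddress
import re

# Subset of the IPFilterRule grammar (RFC 6733, section 4.3.1) that RFC 4849
# reuses for NAS-Filter-Rule: action dir proto from src [ports] to dst [ports]
PORTS = re.compile(r"\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*")


def valid_addr(token):
    # "any" and "assigned" are keywords; a leading "!" negates the match.
    if token in ("any", "assigned"):
        return True
    try:
        ipaddress.ip_network(token.lstrip("!"), strict=False)
        return True
    except ValueError:
        return False


def valid_ports(token):
    return bool(PORTS.fullmatch(token)) and all(
        int(p) <= 65535 for p in re.split("[,-]", token))


def check_rule(rule):
    """Return the problems found in one rule value; empty list means OK."""
    t = rule.split()
    if len(t) < 7 or t[3] != "from":
        return ["expected: action dir proto from src [ports] to dst [ports]"]
    errors = []
    if t[0] not in ("permit", "deny"):
        errors.append(f"bad action {t[0]!r}")
    if t[1] not in ("in", "out"):
        errors.append(f"bad direction {t[1]!r}")
    # Protocol names beyond "ip" are an assumption; numbers 0-255 also pass.
    if t[2] not in ("ip", "tcp", "udp", "icmp") and not (
            t[2].isdigit() and int(t[2]) <= 255):
        errors.append(f"bad protocol {t[2]!r}")
    if not valid_addr(t[4]):
        errors.append(f"bad source {t[4]!r}")
    i = 5
    if t[i] != "to":                      # optional source ports
        if not valid_ports(t[i]):
            errors.append(f"bad source ports {t[i]!r}")
        i += 1
    if i + 1 >= len(t) or t[i] != "to":
        return errors + ["missing 'to <destination>'"]
    if not valid_addr(t[i + 1]):
        errors.append(f"bad destination {t[i + 1]!r}")
    if i + 2 < len(t) and t[i + 2][0].isdigit() and not valid_ports(t[i + 2]):
        errors.append(f"bad destination ports {t[i + 2]!r}")
    return errors
```

Pass only the value between the quotes, for instance `check_rule("permit in tcp from any to any")`; trailing options such as `established` are not validated.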
10-09-2018 04:03 AM
I checked and it seems that this attribute has already been added to the HP dictionary.
So, I tried to run a test. It seems that the ACL configured on the switch is getting applied, just that the rule that I am sending via the filter-rule is not getting applied on the switch.
How do I check if the ACL that I am sending via authz profile is getting applied on the switch?
10-09-2018 09:43 PM
Try show ip access-lists int <interface> - This is the command on Cisco switches. Not sure if this will work, but I saw some documents where this command has been used for HP switches.
You will have to check in HP documents if this does not work.
Thanks,
Nidhi
10-11-2018 12:00 AM
There is no such command on the HP switch. I am referring to the HP document to find that out.
10-11-2018 04:55 AM
You will need to research what syntax is used on HP switches.
As far as I'm aware, the equivalent of "show" commands in IOS is "display" on HP devices.
For example:
Cisco HP
show version ~ display version