准入服务器下发安全acl

验证配置

(1)     Client通过802.1X认证上线后，执行display connection命令，查看802.1X用户上线后的基本信息。观察上线信息的Index，本例中Index值为27。

<AC> display connection

Index=27  ,Username=lw@office

MAC=00-24-01-EB-FA-EE

IP=N/A

IPv6=N/A

Online=00h00m09s

 Total 1 connection(s) matched.

(2)     通过执行display connection ucibindex 27命令，得到Client通过802.1X认证后的详细信息，可以查看到授权ACL下发成功。

<AC> display connection ucibindex 27

Index=27  , Username=lw@office

MAC=00-24-01-EB-FA-EE

IP=N/A

IPv6=N/A

Access=8021X   ,AuthMethod=EAP

Port Type=Wireless-802.11,Port Name=WLAN-DBSS1:0

Initial VLAN=200, Authorization VLAN=N/A

ACL Group=3000

User Profile=N/A

CAR=Disable

Traffic Statistic:

    InputOctets   =0          OutputOctets   =0

    InputGigawords=0          OutputGigawords=0

Priority=Disable

SessiOnTimeout=N/A, Terminate-Action=N/A

Start=2013-11-20 19:34:23 ,Current=2013-11-20 19:34:38 ,Online=00h00m15s

 Total 1 connection matched.

(3)     Client认证成功并获取IP地址后，能ping通8.125.0.0/16网段，无法ping通其他网段，证明授权ACL已生效。

C:\Documents and Settings\Administrator>ping 8.125.1.1

Pinging 8.125.1.1 with 32 bytes of data:

Reply from 8.125.1.1: bytes=32 time=6ms TTL=254

Reply from 8.125.1.1: bytes=32 time=12ms TTL=254

Reply from 8.125.1.1: bytes=32 time=46ms TTL=254

Reply from 8.125.1.1: bytes=32 time=25ms TTL=254

Ping statistics for 8.125.1.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 6ms, Maximum = 46ms, Average = 22ms

C:\Documents and Settings\Administrator>ping 125.100.1.1

Pinging 125.100.1.1 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 125.100.1.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

(4)     通过display acl命令可以查看到ACL 3000规则的匹配数量（略）。