Device Security 111

Authentication Server Filter Assignment

The PowerConnect 6200 Series switches allow the external 802.1X Authenticator or RADIUS server to assign DiffServ policies to users that authenticate to the switch. When a host (supplicant) attempts to connect to the network through a port, the switch contacts the 802.1X authenticator or RADIUS server, which then provides information to the switch about which DiffServ policy to assign the host (supplicant). The policy is applied to the host after the authentication process has completed.

To enable filter assignment by an external server, the following conditions must be true:

1 The port that the host is connected to must be enabled for MAC-based port access control by using the following command in Interface Config mode:

  dot1x port-control mac-based

2 The RADIUS or 802.1X server must specify the policy to assign.
  For example, if the DiffServ policy to assign is named internet_access, include the following attribute in the RADIUS or 802.1X server configuration:

  Filter-id = "internet_access"

3 The DiffServ policy specified in the attribute must already be configured on the switch, and the policy names must be identical.
  For information about configuring a DiffServ policy, see "Differentiated Services" on page 143. The section "Example #1: DiffServ Inbound Configuration" on page 144 describes how to configure a policy named internet_access.

NOTE: If the policy specified within the server attribute does not exist on the switch, authentication will fail.

Access Control Lists (ACLs)

This section describes the Access Control Lists (ACLs) feature.

Overview

Access Control Lists (ACLs) are collections of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources.

ACLs can also provide traffic flow control, restrict contents of routing updates, and decide which types of traffic are forwarded or blocked. Normally ACLs reside in a firewall router or in a router connecting two internal networks.

The PowerConnect 6200 Series switch supports ACL configuration in both the ingress and egress direction. Egress ACLs provide the capability to implement security rules on the egress flows rather than the ingress flows. Ingress and egress ACLs can be applied to any physical port (including 10G), port-channel, or VLAN routing port.
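The three filter-assignment conditions listed under Authentication Server Filter Assignment can be checked before rollout, since a Filter-Id that names a missing policy makes authentication fail. The following is an added example, not part of the Dell documentation: it compares Filter-Id values from a RADIUS users file against the policy names and port settings in a saved switch configuration. The FreeRADIUS-style users layout, the `policy-map <name> in` and `interface ethernet` lines, and all sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample inputs (not from the manual). The FreeRADIUS-style
# "users" layout and the "policy-map <name> in" running-config line are
# assumptions about how the server and switch configs are exported.
RADIUS_USERS = '''\
alice  Cleartext-Password := "example-only"
       Filter-Id = "internet_access"
bob    Cleartext-Password := "example-only"
       Filter-Id = "Internet_Access"
carol  Cleartext-Password := "example-only"
       Filter-Id = "guest_access"
'''
SWITCH_CONFIG = '''\
policy-map internet_access in
exit
interface ethernet 1/g1
dot1x port-control mac-based
exit
interface ethernet 1/g2
exit
'''

def filter_ids(users_text):
    """Map each Filter-Id value to the users that are assigned it."""
    found, user = {}, None
    for line in users_text.splitlines():
        if line and not line[0].isspace():
            user = line.split()[0]          # a user entry starts at column 0
        m = re.search(r'Filter-Id\s*:?=\s*"([^"]+)"', line, re.I)
        if m:
            found.setdefault(m.group(1), []).append(user)
    return found

def check(users_text, switch_text):
    """Report Filter-Ids with no identical policy, and non-MAC-based ports."""
    policies = set(re.findall(r'^policy-map\s+(\S+)', switch_text, re.M))
    problems = []
    for name, users in sorted(filter_ids(users_text).items()):
        if name in policies:
            continue                        # condition 3 met: identical name
        near = [p for p in policies if p.lower() == name.lower()]
        why = f"differs only in case from {near[0]!r}" if near else "not on switch"
        problems.append((name, users, why))
    ports = re.findall(r'^interface\s+(.+?)\s*\n(.*?)^exit', switch_text, re.M | re.S)
    no_mac = [p for p, body in ports if "dot1x port-control mac-based" not in body]
    return problems, no_mac
```

Calling `check(RADIUS_USERS, SWITCH_CONFIG)` returns the Filter-Id values that would cause authentication failures together with the affected users, plus the ports that are not set to MAC-based port access control.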