Re: NAC question

From: Udo (ccie_groupstudy@yahoo.de)
Date: Wed Dec 06 2006 - 08:00:02 ART

• Next message: Hash Aminu: "MPLS IOS Version on low-end routers"
• Previous message: Ali Sheeraz Mehdi: "IP Multicast - tunnel between Spokes in NBMA"
• Maybe in reply to: Gabriel Nunes: "NAC question"
• Next in thread: srdja blagojevic: "RE: NAC question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

in the following environment what is the reason for acl 102 inbound to
eth0/1 ?
Is this the acl which trigger the NAC process ?

Udo

===================================0

aaa new-model
!
!
aaa authentication eou default group radius
aaa session-id common
ip subnet-zero
ip cef
!
! The following line creates a network admission rule. A list is not specified; therefore,
! the rule intercepts all traffic on the applied interface.
ip admission name avrule eapoudp
!
eou logging
!
!
interface FastEthernet0/0
 ip address 10.13.11.106 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
=====================================
-->> ip access-group 102 in
-->> what is the reason for this acl ??
======================================
 ip admission avrule
 duplex auto
 speed auto

access-list 102 permit udp any any eq 21862
access-list 102 deny ip any any

Am Mittwoch, den 06.12.2006, 07:22 -0200 schrieb Gabriel Nunes:
> Yes, The question is asking for this...
>
> Thanks!
>
>
> On 12/6/06, Hewie <whewetson@gmail.com> wrote:
> >
> > Hi Gabriel,
> >
> > The NAC L3 architecture requires an ACL to trigger the NAC process, you
> > could simply use a permit ip any any statement. Any particular reason why
> > you don't want to use an ACL?
> >
> > Hewie
> >
> >
> > On 12/5/06, Gabriel Nunes <gabriel.nunes@gmail.com> wrote:
> >
> > > Does someone know how to configure a router to authorize the users on
> > > radius
> > > server and check the last antivirus updates without using ACL?
> > >
> > > Thanks!
> > >
> > > Gabriel
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Hash Aminu: "MPLS IOS Version on low-end routers"
• Previous message: Ali Sheeraz Mehdi: "IP Multicast - tunnel between Spokes in NBMA"
• Maybe in reply to: Gabriel Nunes: "NAC question"
• Next in thread: srdja blagojevic: "RE: NAC question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:36 ART