From: Ivan (ivan@iip.net)
Date: Fri Jan 05 2007 - 20:27:39 ART
Are you sure about any any in ACL101?
acl 101 permit udp any any eq 21862
acl 101 deny ip VLAN_20 VLAN_22
acl 101 permit ip any any
On Saturday 06 January 2007 02:06, Noel Debouver III wrote:
> Users from VLAN_20 going to VLAN_22. Configure R2 to authorize them on
> radius server at 10.1.1.1 and check the last antivirus updates.
>
> I'm thinking:
>
> aaa new-model
> aaa authentication eou default group radius
> ip admission name AV eapoudp
>
> int F0/2
> ip access-group 101 in
> ip admission AV
>
> access-list 101 permit udp any any eq 21862
> access-list 101 deny ip any any
>
> radius-server host 10.1.1.1 key CCIE
>
> By the way I researched my answer from a white paper
> by Cisco on NAC. So I am not sure if port 21862 is just for CA or is it
> in general?
>
> Any ideas?
>
> Would you do it differently, why or why not?
-- Ivan
This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:55 ART