From: Class Act (droppedpacket2006@yahoo.com)
Date: Wed Feb 14 2007 - 18:32:49 ART
Can anyone give me some help with Network Access Control? I have included the
example configuration from Cisco Documentation that I have been using, below.

1. What commands are best for verifying your configuration?
2. If I only want to apply this admission policy to a subset of the traffic
   going through an interface, do I still use an access list but match that
   specific traffic?
3. Is there any other method to identify the traffic other than ACL?
4. Is there a good reference that will explain the flow for this process?

Regards,
Jo
Network Admission Control: Example

aaa new-model
aaa authentication eou default group radius
aaa session-id common
!
! The following line creates a network admission rule. A list is not specified;
! therefore, the rule intercepts all traffic on the applied interface.
ip admission name avrule eapoudp
eou logging
!
interface FastEthernet0/0
 ip address 10.13.11.106 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip access-group 102 in
 ! The following line configures an IP admission control interface.
 ip admission avrule
 duplex auto
 speed auto
!
! The following lines configure an interface access list that allows EAPoUDP
! traffic (UDP port 21862) and blocks the rest of the traffic until it is
! validated.
access-list 102 permit udp any any eq 21862
access-list 102 deny ip any any
!
! The following line configures RADIUS.
radius-server host 10.13.11.105 auth-port 1645 acct-port 1646 key cisco
!
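The following is an added example; it is not part of Jo's post or of the Cisco
documentation quoted above. It shows the same admission rule restricted to a
subset of traffic with the "list" keyword of "ip admission name", the interface
ACL adjusted so that hosts outside the policy still get through, and the exec
commands used to verify the result. ACL 103, the 10.0.0.0/24 addressing, the
printer at 10.0.0.50 and the host 10.0.0.20 are assumed for illustration; the
show/debug commands are those in Cisco's NAC Layer 3 IP validation
documentation, so confirm them with "?" on your IOS release.

```cisco
! Added example, not from the original post. ACL numbers and addresses are assumed.
!
! Policy ACL: only traffic matching this list triggers EAPoUDP posture validation.
! Hosts permitted here are challenged; hosts denied here are simply not
! intercepted by NAC, so their traffic is governed only by the interface ACL.
access-list 103 permit ip 10.0.0.0 0.0.0.255 any
access-list 103 deny   ip any any
!
! Same admission rule as before, now bound to the policy ACL with "list".
ip admission name avrule eapoudp list 103
eou logging
!
! Interface ACL: EAPoUDP (UDP 21862) must always be permitted so the posture
! exchange itself can take place. Traffic from hosts that are NOT subject to
! NAC (the assumed printer at 10.0.0.50) has to be permitted explicitly, since
! no posture validation will ever open the interface for it. Everything else is
! denied until the host is validated.
access-list 102 permit udp any any eq 21862
access-list 102 permit ip host 10.0.0.50 any
access-list 102 deny   ip any any
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip access-group 102 in
 ip admission avrule
!
! Verification from exec mode:
!   show ip admission configuration   admission rules and the interfaces they are bound to
!   show ip admission cache           per-host admission entries and their state
!   show eou all                      EAPoUDP session table (state, posture, timers)
!   show eou ip 10.0.0.20             one session in detail (host address assumed)
!   debug eou events                  follow the EAPoUDP exchange live (lab use only)
```

Two points worth checking after applying this: "show ip admission cache" should
list an entry for a host in 10.0.0.0/24 after it first sends traffic, and no
entry at all for 10.0.0.50, which confirms that the policy ACL, not the
interface ACL, is what decides which hosts are intercepted.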
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:46 ART