From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Sat Feb 17 2007 - 06:33:50 ART
The actual NAC conversation is being conveyed using the EAP-FAST method with NAC
L2 802.1x.
You don't need to configure EoUDP here, and all the NAC policies (version
control, antivirus database version checking, etc.) are configured on the ACS server.
Take a look at
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns617/c649/cdccont_0900aecd8040bbd8.pdf
for detailed configuration steps for NAC L2 802.1x.
HTH
--
Petr Lapukhov, CCIE #16379 (R&S/Security)
petr@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
2007/2/16, BitGossip <bit.gossip@chello.nl>:
>
> Group,
>
> According to DocCD:
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12235se/scg1/sw8021x.htm#wp1241796
>
> <quote>
>
> In Cisco IOS Release 12.2(25)SED and later, the switch supports the Network
> Admission Control (NAC) Layer 2 IEEE 802.1x validation, which checks the
> antivirus condition or posture of endpoint systems or clients before
> granting the devices network access
>
> </quote>
>
> But looking at how to configure it:
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12235se/scg1/sw8021x.htm#wp1241915
>
> <quote>
>
> This example shows how to configure NAC Layer 2 IEEE 802.1x validation:
>
> Switch# configure terminal
> Switch(config)# interface gigabitethernet0/1
> Switch(config-if)# dot1x reauthentication
> Switch(config-if)# dot1x timeout reauth-period server
>
> </quote>
>
> This example puzzles me very much: where does it mention any NAC and any
> antivirus feature?
>
> It is just reauthentication and timeout..
>
> Any idea..
>
> Luca.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
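
Added example, not part of the thread or of Cisco's documentation: a Python check that every 802.1x port in a switch config carries the two lines from the quoted DocCD example, alongside the standard 802.1x prerequisites that snippet leaves out. The sample config, the `parse` and `audit` names, and the prerequisite list are assumptions made for illustration.

```python
# Constructed sample config, not taken from the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet0/1
 dot1x port-control auto
 dot1x reauthentication
 dot1x timeout reauth-period server
!
interface GigabitEthernet0/2
 dot1x port-control auto
 dot1x timeout reauth-period 3600
!
interface GigabitEthernet0/3
 switchport mode access
"""

# Assumed standard 802.1x prerequisites; the quoted DocCD example omits them.
GLOBAL_REQUIRED = ["aaa new-model", "aaa authentication dot1x", "dot1x system-auth-control"]
# Per-port lines; the last two are the ones the quoted DocCD example adds.
PORT_REQUIRED = ["dot1x port-control auto", "dot1x reauthentication",
                 "dot1x timeout reauth-period server"]

def parse(config):
    """Split an IOS config into global lines and per-interface line lists."""
    globals_, ports, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None                      # separator ends the stanza
        elif raw[0].isspace():
            if current is not None:
                current.append(line)            # indented: belongs to the interface
        elif line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        else:
            current = None
            globals_.append(line)
    return globals_, ports

def audit(config):
    """Return {scope: [missing commands]} for globals and each 802.1x-enabled port."""
    globals_, ports = parse(config)
    report = {"global": [c for c in GLOBAL_REQUIRED if not any(g.startswith(c) for g in globals_)]}
    for name, lines in ports.items():
        if any(l.startswith("dot1x ") for l in lines):   # skip ports without 802.1x
            report[name] = [c for c in PORT_REQUIRED if c not in lines]
    return report
```

A port such as the constructed `GigabitEthernet0/2`, which sets a fixed local re-authentication period, is reported as missing both DocCD lines.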