IBM Tivoli and Cisco Network Card User Manual


 
Chapter 7. Network enforcement subsystem implementation
Network Access Filtering
Selecting this option makes the Network Access Filtering option appear in
the Shared Profile Components window. With it, a network can download
different enforcement policies for applications to a client in a particular
state, depending on where in the network the client is located. For
instance, if multiple remediation servers are present in a network, it is
best to send a client in a quarantined state to the closest remediation
server for its software update.
4. Click Submit (Figure 7-3) to add these configuration options to the Shared
Profile Components interface. These options are required to configure the
enforcement actions taken by the NAD.

Figure 7-3 Interface configuration advanced options

Note: Group-level downloadable ACLs are not yet supported for
L2Dot1x. They are only supported for NAC L2/L3 IP. It is Cisco’s stated
intention that future releases of IOS for switches will support
downloadable ACLs for NAC L2 802.1x. Access restriction for NAC L2
802.1x should be configured as an access-list bound to the SVI on the
L3 device closest to the end user. In the example used for this book, the
access lists were bound to the SVIs defined on the 3750 switch.
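
The following IOS fragment is an added illustration of the approach the note describes, an access list bound inbound to the SVI of a quarantine VLAN; it is not taken from the book's configuration. The VLAN number, the ACL name, and all IP addresses are assumptions chosen for the example.

```cisco
! Constructed example. Assumed values (not from the book):
!   VLAN 30      quarantine VLAN for NAC L2 802.1x clients
!   192.0.2.10   remediation server closest to this switch
!   192.0.2.53   internal DNS resolver
ip access-list extended QUARANTINE-IN
 remark DHCP so the quarantined client can obtain an address
 permit udp any eq bootpc any eq bootps
 remark DNS lookups to the internal resolver only
 permit udp any host 192.0.2.53 eq domain
 remark Software updates from the remediation server
 permit ip any host 192.0.2.10
 remark Everything else from quarantined clients is dropped and logged
 deny ip any any log
!
interface Vlan30
 description Quarantine SVI (assumed VLAN)
 ip address 10.30.0.1 255.255.255.0
 ! Filter traffic entering the routed interface from hosts in the VLAN
 ip access-group QUARANTINE-IN in
```

Because the list is bound to the SVI rather than downloaded per session, every client placed in that VLAN gets the same restriction; `show ip access-lists QUARANTINE-IN` displays the per-entry match counters for checking that quarantined traffic is hitting the expected lines.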