Filter
Top Products
Chapter 7. Network enforcement subsystem implementation 237
2. From the Interface Configuration menu, select RADIUS (Cisco IOS/PIX 6.0)
(Figure 7-20).
Figure 7-20 Cisco IOS/PIX 6.0 RADIUS attributes
For L2Dot1x NAC, you must select [026/009/001] cisco-av-pair.
3. After selecting this item, click Submit.
Configuring groups
The group setup and configuration portion of the Cisco Secure ACS requires
careful thought and planning. In the NAC L2 802.1x scenario we are using here,
we have two locally defined groups, sales and engineering. One of the nice
features about NAC L2 802.1x is the ability to place users into various different
VLANS dynamically based on dot1x authentication and posture validation. In our
scenario, the default VLAN for sales is VLAN 11. The default VLAN for
engineering is VLAN 12. Part of the planning process is whether your groups will
be locally defined on the Cisco Secure ACS, or will be mapped to a Microsoft