IBM Tivoli and Cisco Network Card User Manual


 
Chapter 7. Network enforcement subsystem implementation 265
3. Click Add.
4. To create the Healthy Sales RAC, in the Name field type Healthy_Sales_RAC.
5. In the Add New Attribute section, use the drop-down menus to add the
required values, which are described in Table 7-2.
Note: In the scenario detailed in this book, we have two groups defined:
sales and engineering. When creating the RACs, we define a Healthy
Sales RAC, a Quarantine Sales RAC, a Healthy Engineering RAC, and a
Quarantine Engineering RAC. We also define a Default Quarantine RAC to
address the situation where a condition may not be defined or there is no
matched condition. When a user authenticates via IEEE 802.1x, the
posture is checked and a RAC is applied. In this way, we can have
individual Quarantine VLANs for the different groups, which also allows for
different access restrictions for different Quarantine groups. This was done
to show how the solution scales. Have a clear plan for your group-to-VLAN
mappings and your VLAN structure before configuring this portion. We
used the following:
Healthy Sales - VLAN 11
Healthy Engineering - VLAN 12
Quarantine Sales - VLAN 13
Quarantine Engineering - VLAN 14
Default Quarantine - VLAN 15

Table 7-2 Healthy Sales RAC attributes

Vendor             Attribute                      Value
Cisco IOS/PIX 6.0  cisco-av-pair (1)              status-query-timeout=30
Cisco IOS/PIX 6.0  cisco-av-pair (1)              sec:pg=healthy_hosts
IETF               Session-Timeout (27)           3600
IETF               Termination-Action (29)        RADIUS-Request (1)
IETF               Tunnel-Type (64)               [T1] VLAN (13)
IETF               Tunnel-Medium-Type (65)        [T1] 802 (6)
IETF               Tunnel-Private-Group-ID (81)   [T1] 11
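
The following Python code is an added example, not taken from the manual. It encodes the Table 7-2 attributes in RADIUS wire format (RFC 2865 attribute layout, RFC 2868 tagged tunnel attributes) and reports a VLAN only when the three tunnel attributes agree, which is the check to make when comparing a captured Access-Accept against the group-to-VLAN plan in the note. The function names, and the assumption that Tunnel-Private-Group-ID always carries a tag as in [T1], are this example's own.

```python
# Added example; function names are illustrative and not part of the product.
import struct

PLAN = {"Healthy Sales": 11, "Healthy Engineering": 12, "Quarantine Sales": 13,
        "Quarantine Engineering": 14, "Default Quarantine": 15}  # from the note

def avp(attr_type, value):  # one attribute: type, length (header included), value
    return bytes([attr_type, len(value) + 2]) + value

def cisco_av_pair(text):  # Vendor-Specific (26), vendor ID 9 (Cisco), vendor type 1
    s = text.encode("ascii")
    return avp(26, struct.pack("!IBB", 9, 1, len(s) + 2) + s)

def encode_rac(vlan, posture_group="healthy_hosts", tag=1):
    """Encode the Table 7-2 attributes; tag 1 corresponds to [T1]."""
    return b"".join([
        cisco_av_pair("status-query-timeout=30"),
        cisco_av_pair("sec:pg=" + posture_group),
        avp(27, struct.pack("!I", 3600)),                 # Session-Timeout
        avp(29, struct.pack("!I", 1)),                    # Termination-Action = RADIUS-Request
        avp(64, bytes([tag]) + (13).to_bytes(3, "big")),  # Tunnel-Type = VLAN
        avp(65, bytes([tag]) + (6).to_bytes(3, "big")),   # Tunnel-Medium-Type = 802
        avp(81, bytes([tag]) + str(vlan).encode()),       # Tunnel-Private-Group-ID
    ])

def decode(data):
    """Split an attribute block into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        out.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return out

def assigned_vlan(data):
    """VLAN ID the attributes select, or None if the tunnel triple is incomplete or inconsistent."""
    tun = {t: v for t, v in decode(data) if t in (64, 65, 81)}
    if set(tun) != {64, 65, 81} or len(tun[81]) < 2 or tun[81][0] > 0x1F:
        return None
    tag = tun[81][:1]                                     # all three must carry the same tag
    if tun[64] != tag + b"\x00\x00\x0d" or tun[65] != tag + b"\x00\x00\x06":
        return None
    group_id = tun[81][1:].decode("ascii", "replace")
    return int(group_id) if group_id.isdigit() else None

def plan_problems(plan):
    """Names of RACs whose VLAN is reused by another RAC or fails the encode/decode round trip."""
    vlans = list(plan.values())
    return [n for n, v in plan.items() if vlans.count(v) > 1 or assigned_vlan(encode_rac(v)) != v]
```

An empty list from `plan_problems(PLAN)` means every RAC in the plan maps to its own VLAN; a `None` from `assigned_vlan` on captured attributes points at a missing or mismatched tunnel attribute rather than a switch-side fault.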