IBM Tivoli and Cisco Network Card User Manual

Chapter 7. Network enforcement subsystem implementation 297
permit tcp any any eq domain
deny ip any any
ip access-list extended initial-acl
permit udp any any eq domain
permit udp any any eq bootpc
permit udp any any eq bootps
permit icmp any any
permit udp any any eq 21862
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server host 192.168.9.22 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key cisco123
radius-server vsa send authentication
!
On the 3750 switch, enter the following verification commands.
Enter show eou all to verify the client’s current status:
nac3750sa#show eou all
---------------------------------------------------------------------
Address Interface AuthType Posture-Token Age(min)
---------------------------------------------------------------------
192.168.11.51 FastEthernet1/0/11 EAP Quarantine 0
Enter show ip access-list interface fa1/0/11 to check that the downloadable ACL
has been applied to the switchport:
nac3750sa#sho ip access-list interface fa1/0/11
IP Admission access control entires (Inbound)
permit udp host 192.168.11.51 eq bootpc any eq bootps
permit udp host 192.168.11.51 host 192.168.9.22 eq 21862
permit icmp host 192.168.11.51 host 192.168.9.220
permit icmp host 192.168.11.51 host 192.168.104.10
permit ip host 192.168.11.51 host 192.168.9.220
permit ip host 192.168.11.51 host 192.168.104.10
permit tcp host 192.168.11.51 any eq www
permit tcp host 192.168.11.51 any eq domain
deny ip host 192.168.11.51 any
nac3750sa#
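The two outputs above are what an operator checks by eye: the client is in the Quarantine posture state, and the per-host downloadable ACL pushed by the RADIUS server only opens DHCP, the EAPoUDP posture port (UDP 21862) to the RADIUS host, the two remediation hosts, web and DNS, and closes with an explicit deny. The following script is an added example, not part of the Redbook or of Cisco's own tooling: it parses the `show eou all` and `show ip access-list interface` text (copied verbatim from this page as constructed sample input) and audits the quarantine dACL against that policy. The QUARANTINE_POLICY list is an assumption derived from the ACEs shown on this page; adjust it to the addresses used in your deployment.

```python
"""Audit a NAC quarantine dACL from Cisco IOS `show` output (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the verification output shown on this page.
SHOW_EOU_ALL = """\
nac3750sa#show eou all
---------------------------------------------------------------------
Address Interface AuthType Posture-Token Age(min)
---------------------------------------------------------------------
192.168.11.51 FastEthernet1/0/11 EAP Quarantine 0
"""

SHOW_ACL_IFACE = """\
nac3750sa#sho ip access-list interface fa1/0/11
IP Admission access control entires (Inbound)
permit udp host 192.168.11.51 eq bootpc any eq bootps
permit udp host 192.168.11.51 host 192.168.9.22 eq 21862
permit icmp host 192.168.11.51 host 192.168.9.220
permit icmp host 192.168.11.51 host 192.168.104.10
permit ip host 192.168.11.51 host 192.168.9.220
permit ip host 192.168.11.51 host 192.168.104.10
permit tcp host 192.168.11.51 any eq www
permit tcp host 192.168.11.51 any eq domain
deny ip host 192.168.11.51 any
nac3750sa#
"""

# Assumed quarantine policy, derived from the dACL on this page:
# (protocol, destination or "any", destination port or None).
QUARANTINE_POLICY = [
    ("udp", "any", "bootps"),            # DHCP
    ("udp", "192.168.9.22", "21862"),    # EAPoUDP posture traffic to the RADIUS host
    ("icmp", "192.168.9.220", None),     # remediation host
    ("ip", "192.168.9.220", None),
    ("icmp", "192.168.104.10", None),    # remediation host
    ("ip", "192.168.104.10", None),
    ("tcp", "any", "www"),
    ("tcp", "any", "domain"),
]

EOU_ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    src: str
    dst: str
    dport: Optional[str]


def parse_eou_all(text):
    """Map client address -> (interface, auth type, posture token)."""
    rows = {}
    for line in text.splitlines():
        m = EOU_ROW.match(line.strip())
        if m:
            addr, iface, auth, token, _age = m.groups()
            rows[addr] = (iface, auth, token)
    return rows


def _addr(toks, i):
    """Consume one address spec: 'host A', 'any', or 'NET WILDCARD'."""
    if toks[i] == "host":
        return toks[i + 1], i + 2
    if toks[i] == "any":
        return "any", i + 1
    return f"{toks[i]}/{toks[i + 1]}", i + 2


def parse_ace(line):
    toks = line.split()
    action, proto = toks[0], toks[1]
    src, i = _addr(toks, 2)
    if i < len(toks) and toks[i] == "eq":
        i += 2                      # source port is not relevant to this audit
    dst, i = _addr(toks, i)
    dport = toks[i + 1] if i < len(toks) and toks[i] == "eq" else None
    return Ace(action, proto, src, dst, dport)


def parse_acl_interface(text):
    return [parse_ace(l.strip()) for l in text.splitlines()
            if l.strip().startswith(("permit ", "deny "))]


def _allowed(ace, policy):
    return any(ace.proto == p and (d == "any" or ace.dst == d) and ace.dport == dp
               for p, d, dp in policy)


def audit_quarantine(eou_text, acl_text, host, policy=QUARANTINE_POLICY):
    """Return a list of findings; an empty list means the dACL matches policy."""
    findings = []
    client = parse_eou_all(eou_text).get(host)
    if client is None:
        findings.append(f"{host} not present in show eou all")
    elif client[2] != "Quarantine":
        findings.append(f"{host} posture token is {client[2]}, not Quarantine")
    aces = parse_acl_interface(acl_text)
    if not aces:
        return findings + ["no access control entries found on the interface"]
    for ace in aces:
        if ace.src != host:
            findings.append(f"ACE not scoped to {host}: {ace}")
        if ace.action == "permit" and not _allowed(ace, policy):
            findings.append(f"permit outside quarantine policy: {ace}")
    last = aces[-1]
    if not (last.action == "deny" and last.proto == "ip" and last.dst == "any"):
        findings.append("dACL does not end with an explicit 'deny ip host <addr> any'")
    return findings


if __name__ == "__main__":
    for f in audit_quarantine(SHOW_EOU_ALL, SHOW_ACL_IFACE, "192.168.11.51") or ["OK"]:
        print(f)
```

Running it against the page's output yields no findings; inserting an extra `permit ip host 192.168.11.51 any` before the final deny (the kind of over-broad entry a mis-edited ACS authorization profile can push) produces one finding, which is the case this check exists to catch.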
Enter show eou ip 192.168.11.51 to see a summary of that particular host:
nac3750sa#sho eou ip 192.168.11.51
Address : 192.168.11.51
MAC Address : 0011.25ce.f56c
Interface : FastEthernet1/0/11
AuthType : EAP