IBM Tivoli and Cisco Network Card User Manual


 
Chapter 7. Network enforcement subsystem implementation
2. Configuring Admission Control EOU
3. Configuring an Exception List Configuration for Clientless Hosts
4. Configuring Clientless User Policy
5. Configuring EAP over UDP Timers
6. Configuring the Interfaces and Intercept ACL
7. Configuring the HTTP Server
8. Enabling EOU Logging
For more information, see the Cisco IOS Software Release 12.3(8)T new
features documentation specific to NAC at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_8/gt_nac.htm
1. To set up AAA for EAPoUDP (EOU), enter the following commands at the
router command console:
Router(config)# aaa new-model
Router(config)# aaa authentication eou default group radius
Router(config)# aaa session-id common
Router(config)# radius-server host 10.1.1.1 key secret
Replace the word secret with the shared key you configured for the Cisco
Secure ACS. Also configure the interface whose IP address the router uses
as the source of its RADIUS packets, so that it matches the address
configured in the Cisco Secure ACS network configuration.
2. Enable the EOU posture validation process.
To specify that any packet received on the interface to which this policy is
applied triggers the admission control process, use:
Router(config)# ip admission name admission-name eapoudp
Replace admission-name as appropriate.
Optionally, you can exempt traffic from triggering the admission control
process by applying an ACL to the NAC policy statement in the configuration.
Attention: If AAA is not already configured and you configure it now, you
could be locked out of the router unless you also configure a way for
users to log in.
Tip: For redundancy, you can configure multiple RADIUS server entries.
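
The following audit script is an added example, not part of the original manual or of any Cisco or IBM tooling. It checks a saved router configuration against steps 1 and 2 and the Attention and Tip notes above. The policy name NAC-POLICY, the user name, the second server address, the interface name, the bracketed placeholders and the finding codes are all made up for illustration, and treating a local login method plus a local user as "a way to log in" is an assumption of this example.

```python
import re

# Constructed running-config: the commands from steps 1 and 2 exactly as given,
# with the hypothetical policy name NAC-POLICY in place of admission-name.
AS_DOCUMENTED = """\
aaa new-model
aaa authentication eou default group radius
aaa session-id common
radius-server host 10.1.1.1 key secret
ip admission name NAC-POLICY eapoudp
"""

# Constructed variant that also applies the Attention and Tip notes.
# User name, second server, interface and key placeholders are made up.
WITH_NOTES_APPLIED = """\
username netadmin secret <LOCAL-PASSWORD>
aaa new-model
aaa authentication login default group radius local
aaa authentication eou default group radius
aaa session-id common
ip radius source-interface FastEthernet0/0
radius-server host 10.1.1.1 key <ACS-SHARED-KEY>
radius-server host 10.1.1.2 key <ACS-SHARED-KEY>
ip admission name NAC-POLICY eapoudp
"""

def audit_nac_aaa(config):
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    def has(pattern):
        return any(re.match(pattern, ln) for ln in lines)
    hosts = [ln for ln in lines if ln.startswith("radius-server host ")]
    findings = []
    if not has(r"aaa new-model$"):
        findings.append("aaa-not-enabled")
    if not has(r"aaa authentication eou default group radius\b"):
        findings.append("eou-auth-missing")
    # Lockout check (assumption of this example): a login method list that
    # includes 'local' plus at least one local user counts as a way to log in.
    if not (has(r"aaa authentication login \S+ .*\blocal\b") and has(r"username \S+ ")):
        findings.append("no-local-login-fallback")
    if len(hosts) < 2:  # Tip: multiple RADIUS server entries for redundancy
        findings.append("radius-not-redundant")
    if any(re.search(r"\bkey secret$", ln) for ln in hosts):
        findings.append("placeholder-radius-key")  # literal "secret" never replaced
    if not has(r"ip radius source-interface \S+"):
        findings.append("radius-source-interface-unset")
    if not has(r"ip admission name \S+ eapoudp\b"):
        findings.append("eou-admission-policy-missing")
    return findings
```

Run against the commands exactly as printed in the steps, the script reports the missing login fallback, the single RADIUS server, the unchanged placeholder key and the unset RADIUS source interface; the second sample configuration produces no findings.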