Nac Router Management Access; Open Interface Acl - Cisco OL-4015-08 User Manual

Chapter 22 Network Admission Control

NAC Router Management Access

Select the Interface Area
Source Host/Network Area

Open Interface ACL

Interface
Ethernet0/0
Ethernet0/0
OL-4015-08
Hosts logging on to SDM must be exempt from NAC validation. Specify the
interfaces through which SDM can be run, and specify the hosts that are to be
exempt from NAC validation so that users can launch SDM on them.
Select the interfaces through which users must be able to launch SDM. The
interfaces listed in this area are those that you selected for NAC configuration.
If you want to exempt a single host from NAC validation, choose Host Address
and enter the IP address of a host. Choose Network Address and enter the address
of a network and a subnet mask to exempt hosts on that network from NAC
validation. The host or network must be accessible from the interfaces that you
specified. Choose Any to exempt any host connected to the specified interfaces
from NAC validation.
SDM checks the ACLs applied to the NAC interfaces to determine if they block
any traffic used during the NAC validation process and reports what it finds in this
screen.
Each NAC interface is listed, along with the service currently being blocked on
that interface, and the ACL that is blocking it. If you want SDM to modify the
ACL to allow the traffic listed, check the Modify box in the appropriate row. If
you want to see the entry that SDM will add to the ACL, click the Details button.
In the following table, two interfaces have been configured for NAC, Ethernet0/0
and FastEthernet0/0. DNS and DHCP services are blocked on Ethernet0/0 and
NTP traffic is blocked on FastEthernet0/0.
Service
DNS
DHCP
Cisco Router and Security Device Manager Version 2.2 User's Guide
ACL
100 (INBOUND)
100 (INBOUND)
Create NAC Tab
Action
[ ] Modify
[ ] Modify
22-29