Modify Firewall; Details Window - Cisco ROUTER-SDM-CD User Manual

Chapter 30
Network Admission Control

Create NAC Tab
Cisco Router and Security Device Manager 2.5 User's Guide
OL-4015-12

Cisco SDM traffic from hosts on that network. The host or network must be
accessible from the interfaces that you specified. Choose Any to allow Cisco
SDM traffic from any host connected to the specified interfaces.

Modify Firewall

Cisco SDM checks each ACL applied to the interface specified in this
configuration to determine if it blocks any traffic that should be allowed through
the firewall so that the feature you are configuring will work.
Each interface is listed, along with the service currently being blocked on that
interface, and the ACL that is blocking it. If you want Cisco SDM to modify the
ACL to allow the traffic listed, check the Modify box in the appropriate row. If
you want to see the entry that Cisco SDM will add to the ACL, click the Details
button.
In the following table, FastEthernet0/0 has been configured for NAC. This
interface is configured with the services shown in the Service column.

Interface         Service         ACL             Action
FastEthernet0/0   RADIUS Server   101 (INBOUND)   [ ] Modify
FastEthernet0/0   DNS             100 (INBOUND)   [ ] Modify
FastEthernet0/0   DHCP            100 (INBOUND)   [ ] Modify
FastEthernet0/0   NTP             101 (INBOUND)   [ ] Modify
FastEthernet0/0   VPN             190 (INBOUND)   [ ] Modify

Details Window

This window displays the entries that Cisco SDM will add to ACLs to allow
services needed for the service you are configuring. The window might contain an
entry like the following:

permit tcp host 10.77.158.84 eq www host 10.77.158.1 gt 1024

In this case, web traffic (TCP with source port www) is permitted from the host
10.77.158.84 on the local network to the host 10.77.158.1, on destination ports
greater than 1024.
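To see which packets the Details Window entry above admits, and why the same traffic is blocked without it, the following Python evaluates packets against an extended ACL using first-match and implicit-deny semantics. It is an added example, not code from Cisco SDM or the manual; the simplified entry grammar, the sample ACL, the placement of the new entry, and the names parse_ace, first_match, ACL_BEFORE and ACL_AFTER are assumptions made for illustration.

```python
import ipaddress

# Constructed subset of IOS port keywords (assumption: real IOS accepts many more).
PORT_NAMES = {"www": 80, "domain": 53, "ntp": 123}
PORT_OPS = {"eq": lambda p, n: p == n, "gt": lambda p, n: p > n, "lt": lambda p, n: p < n}

def _take_addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def _take_port(tok):
    """Consume an optional 'eq|gt|lt PORT' qualifier; None means any port."""
    if tok and tok[0] in PORT_OPS:
        op, port = tok.pop(0), tok.pop(0)
        return op, PORT_NAMES[port] if port in PORT_NAMES else int(port)
    return None

def parse_ace(line):
    """Parse 'action proto SRC [port-op] DST [port-op]'; position decides src vs dst port."""
    tok = line.split()
    ace = {"text": line, "action": tok.pop(0), "proto": tok.pop(0)}
    ace["src"], ace["sport"] = _take_addr(tok), _take_port(tok)
    ace["dst"], ace["dport"] = _take_addr(tok), _take_port(tok)
    return ace

def _addr_ok(rule, ip):
    base, wild = rule  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def _port_ok(rule, port):
    return rule is None or PORT_OPS[rule[0]](port, rule[1])

def first_match(acl, proto, src, sport, dst, dport):
    """Return (action, entry text) of the first matching entry, else the implicit deny."""
    for ace in map(parse_ace, acl):
        if (ace["proto"] in ("ip", proto) and _addr_ok(ace["src"], src)
                and _port_ok(ace["sport"], sport) and _addr_ok(ace["dst"], dst)
                and _port_ok(ace["dport"], dport)):
            return ace["action"], ace["text"]
    return "deny", "(implicit deny)"

DETAILS_ENTRY = "permit tcp host 10.77.158.84 eq www host 10.77.158.1 gt 1024"
ACL_BEFORE = ["permit udp any any eq domain"]  # constructed sample ACL, not from the manual
ACL_AFTER = [DETAILS_ENTRY] + ACL_BEFORE       # entry placed first (placement is an assumption)
```

Calling first_match(ACL_BEFORE, "tcp", "10.77.158.84", 80, "10.77.158.1", 50000) returns the implicit deny, while the same call against ACL_AFTER returns the permit entry; a destination port of exactly 1024 or a source port other than 80 is still denied.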
