Table of Contents
Advertisement
Chapter 41
Configuring Network Admission Control
Command
Step 16
Router(config)# ip device tracking [probe {count
count | interval interval}]
Step 17
Router(config)# eou logging
Step 18
end
Step 19
Router# show ip admission {[cache]
[configuration] [eapoudp]}
Step 20
Router# show ip device tracking {all | interface
interface_id | ip ip_address | mac mac_address}
Step 21
Router# show ip access lists interface interface
Step 22
Router# copy running-config startup-config
To remove the IP NAC rule on the switch, use the no ip admission name rule_name eapoudp global
configuration command. To remove the IP NAC rule that was applied to a specific interface, use the no
ip admission admission_name interface configuration command.
To remove the EAPoUDP authentication methods, use the no aaa authentication eou default global
configuration command. To configure the auth-proxy posture code to not obtain security associations
from the AAA server, use the no aaa authorization auth-proxy default global configuration command.
To disable the IP device tracking table and return the parameters for the table to the default values, use
the no device tracking and the no device tracking probe {count | interval} global configuration
commands.
To configure the switch to not send the Framed-IP-Address attribute, use the no radius-server attribute
8 include-in-access-req global configuration command.
To disable the logging of EAPoUDP system events, use the no eou logging global configuration
command.
To clear all NAC client device entries on the switch or on the specified interface, use the clear eou
privileged EXEC command. To clear entries in the IP device tracking table, use the clear ip device
tracking privileged EXEC command.
This example shows how to configure NAC Layer 2 IP validation on a switch interface:
Router# configure terminal
Router(config)# ip admission nac eapoudp
Router(config)# access-list 5 permit any any
Router(config)# interface gigabitethernet 2/0/1
Router(config-if)# ip access-group 5 in
Router(config-if)# ip admission name nac
Router(config-if)# exit
Router(config)# aaa new-model
Router(config)# aaa authentication eou default group radius
Router(config)# radius-server host admin key rad123
OL-11439-03
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
Purpose
(Optional) Configures these IP device tracking table
parameters:
•
probe count count—Sets the number of times that
the switch sends the ARP probe for an entry before
removing an entry from the IP device tracking table.
The range is from 1 to 5. The default is 3.
probe interval interval—Sets the number of seconds
•
that the switch waits before resending the ARP
probe. The range is from 30 to 300 seconds. The
default is 30 seconds.
(Optional) Enables EAPoUDP system logging events.
Returns to privileged EXEC mode.
Displays the NAC configuration or network admission
cache entries.
Displays information about the entries in the IP device
tracking table.
Displays the downloaded host policies in the Cisco IOS
software configuration.
(Optional) Saves your entries in the configuration file.
Configuring NAC
41-15
- Quick Links:
- Product Overview
Hide quick links:
Advertisement
Table of Contents
Related Manuals for Cisco WS-SUP32-GE-3B - Supervisor Engine 32
Related Products for Cisco WS-SUP32-GE-3B - Supervisor Engine 32
- Cisco WAN Modeling Tools
- Cisco WS-SUP720-3B - Supervisor Engine 720
- Cisco WS-SVC-AGM-1-K9= - Anomaly Guard Module
- Cisco WS-SVC-CMM-ACT-RF - Conferencing And Transcoding Port Adapter Voice DSP Module
- Cisco WS-SVC-ADM-1-K9= - Traffic Anomaly Detector Module
- Cisco WS-SVC-FWM-1-K9= - Firewall Service Module
- Cisco WS-SVC-IDS2-BUN-K9 - Intrusion Detection Sys Module 2
- Cisco WS-SVC-IPSEC-1= - IPSec VPN Services Module