Configuring A Nac Aaa Down Policy - Cisco 7604 Configuration Manual
Ios software configuration guide
Hide thumbs
Also See for 7604:
- Configuration manual (742 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Configuring NAC
Command
Step 5
Router(config-identity-prof)# device {authorize |
not-authorize} {ip-address ip_address |
mac-address mac_address | type cisco ip phone}
[policy policy_name ]
Step 6
Router(config)# exit
Step 7
Router# end
Step 8
Router# show running-config
Step 9
Router# copy running-config startup-config
To remove the identity policy from the switch, use the no identity-policy policy_name global
configuration command. To remove the identity profile, use the no identity profile eapoudp global
configuration command. To not authorize the specified IP device and remove the specified policy from
the device, use the no device {authorize | not-authorize} {ip-address ip_address | mac-address
mac_address | type cisco ip phone} [policy policy_name] interface configuration command.
This example shows how to configure the identity profile and policy:
Router# configure terminal
Router(config)# identity policy policy1
Router(config-identity-policy)# access-group group1
Router(config)# identity profile eapoudp
Router(config-identity-prof)# device authorize ip address 10.10.142.25 policy policy1
Router(config-identity-prof)# exit
Router(config)# end
Configuring a NAC AAA Down Policy
Note
This feature is only available on the Catalyst 6500 series switch and the Catalyst 7600 router.
To configure NAC AAA down policy, perform this task:
Command
Step 1
Router# configure terminal
Step 2
Router(config)# ip admission name
rule-name eapoudp event timeout aaa
policy identity
identity_policy_name
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
45-18
Purpose
Authorizes the specified IP device, and applies the
specified policy to the device.
Exits from identity-profile configuration mode, and
returns to global configuration mode.
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Purpose
Enters global configuration mode.
Creates a NAC a rule and associates an identity policy to be applied to
sessions, when the AAA server is unreachable.
To remove the rule on the switch, use the no ip admission name
rule-name eapoudp event timeout aaa policy identity global
configuration command.
Chapter 45
Configuring Network Admission Control
OL-4266-08
- Quick Links:
- Supported Hardware and Software
Hide quick links:
Advertisement
Chapters
Table of Contents
