Cisco 7604 User Manual

Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 45 Configuring Network Admission Control
Configuring NAC
The following example illustrates how to apply a AAA down policy:
Router# config t
Enter configuration commands, one per line. End with CNTL/Z.
Step 13
Command: Router(config)# radius-server host {hostname | ip-address} test username username idle-time 1 key string
Purpose: (Optional) Configures the RADIUS server parameters.
For the hostname or ip-address, specify the hostname or IP address of the remote RADIUS server.
For the key string value, specify the authentication and encryption key used between the switch and the RADIUS daemon running on the RADIUS server. The key is a text string that must match the encryption key used on the RADIUS server.
Note: Always configure the key as the last item in the radius-server host command syntax because leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the key, do not enclose the key in quotation marks unless the quotation marks are part of the key. This key must match the encryption used on the RADIUS daemon.
The test username value parameter is used for configuring the dummy username that tests whether the AAA server is active or not.
The idle-time parameter is used to set how often the server should be tested to determine its operational status. If there is no traffic to the RADIUS server, the NAD sends dummy RADIUS packets to the RADIUS server based on the idle-time.
If you want to use multiple RADIUS servers, reenter this command.

Step 14
Command: Router(config)# radius-server attribute 8 include-in-access-req
Purpose: (Optional) Configures the switch to send the Framed-IP-Address RADIUS attribute (Attribute[8]) in access-request or accounting-request packets if the switch is connected to nonresponsive hosts.
To configure the switch to not send the Framed-IP-Address attribute, use the no radius-server attribute 8 include-in-access-req global configuration command.

Step 15
Command: Router(config)# radius-server vsa send authentication
Purpose: Configures the network access server to recognize and use vendor-specific attributes.

Step 16
Command: Router(config)# radius-server dead-criteria {tries | time} value
Purpose: Forces one or both of the criteria (used to mark a RADIUS server as dead) to be the indicated constant.

Step 17
Command: Router(config)# eou logging
Purpose: (Optional) Enables EAPoUDP system logging events.
To disable the logging of EAPoUDP system events, use the no eou logging global configuration command.

Step 18
Command: Router(config)# end
Purpose: Returns to privileged EXEC mode.

Step 19
Command: Router# show ip admission {[cache] [configuration] [eapoudp]}
Purpose: Displays the NAC configuration or network admission cache entries.

Step 20
Command: Router# show ip device tracking {all | interface interface-id | ip ip-address | mac mac-address}
Purpose: Displays information about the entries in the IP device tracking table.

Step 21
Command: Router# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
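
Added example, not part of the Cisco guide: a small Python lint that applies the key-placement note from Step 13 to candidate radius-server host lines before they are pasted into the router. The function names, finding codes, and the sample addresses, usernames and keys are assumptions constructed for illustration.

```python
import re

HOST_RE = re.compile(r"^\s*radius-server host (\S+)(.*)$")
OPTIONS = ("test username", "idle-time")   # options the page shows before the key

def lint_radius_host(line):
    """Return finding codes for one candidate 'radius-server host' line."""
    m = HOST_RE.match(line.rstrip("\r\n"))   # keep trailing spaces: they matter
    if not m:
        return []                            # some other command
    rest = m.group(2)
    findings = []
    if "test username" not in rest:
        findings.append("NO_TEST_USERNAME")  # no dummy user to probe the server
    _, sep, key = rest.partition(" key ")
    if not sep:
        return findings + ["NO_KEY"]
    key = key.lstrip(" ")                    # leading spaces are ignored
    if key != key.rstrip():
        findings.append("KEY_TRAILING_SPACE")   # trailing spaces are used
    stripped = key.strip()
    if len(stripped) >= 2 and stripped[0] == stripped[-1] == '"':
        findings.append("KEY_QUOTED")        # quotes become part of the key
    if any(re.search(r"(^|\s)" + re.escape(o) + r"(\s|$)", key) for o in OPTIONS):
        findings.append("KEY_NOT_LAST")      # page: key must be the last item
    return findings

def lint_config(text):
    """Map line number -> findings for every flagged radius-server host line."""
    report = {}
    for n, line in enumerate(text.split("\n"), start=1):
        found = lint_radius_host(line)
        if found:
            report[n] = found
    return report

# Constructed sample input (documentation addresses, made-up names and keys).
SAMPLE = (
    "radius-server host 192.0.2.10 test username nac-probe idle-time 1 key Example Key 1\n"
    "radius-server host 192.0.2.11 key ExampleKey2 test username nac-probe idle-time 1\n"
    'radius-server host 192.0.2.12 test username nac-probe idle-time 1 key "ExampleKey3"\n'
    "radius-server host 192.0.2.13 test username nac-probe idle-time 1 key ExampleKey4 \n"
    "radius-server vsa send authentication\n"
)

if __name__ == "__main__":
    for n, found in lint_config(SAMPLE).items():
        print(n, ", ".join(found))
```

A key with internal spaces, as on the first sample line, is accepted because the note allows it; a quoted key is flagged for review because the quotation marks are only correct when they are part of the key on the RADIUS server as well.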
