44-31
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 44 Configuring Network Admission Control
Configuring Network Admission Control with LAN Port IP
set security acl ip NACACL permit dhcp-snooping
set security acl ip NACACL permit udp any eq 21862 host 9.6.3.3 eq 53000
set security acl ip NACACL permit ip group Healthy_hosts any
set security acl ip NACACL deny ip group infected_hosts any
set security acl ip NACACL permit ip group exception_hosts any
set security acl ip NACACL permit ip group clientless_hosts host 10.76.39.100
#
commit security acl all #
# map the ACL to VLAN 77
set security acl map NACACL 77
!
#module 8 : 48-port 10/100BaseTX Ethernet
set vlan 12 8/14
set vlan 77 8/13,8/24
set port name 8/13 HOSTS
set port name 8/14 RADIUS
set port name 8/24 HOSTS
set port eou 8/13 enable
set port eou 8/24 bypass
set port dhcp-snooping 8/14 trust enable
!
#module 9 empty
!
#module 15 : 1-port Multilayer Switch Feature Card
!
#module 16 empty
!
#switch port analyzer
set span permit-list disable
set span permit-list include
end
sup2> (enable)
The configuration on the MSFC (default router) is as follows:
Router# show run
Building configuration...
Current configuration : 509 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
ip subnet-zero
!
!
!
ip multicast-routing
ip dhcp-server 10.76.39.93
redundancy
high-availability
single-router-mode
!
!
!
interface Vlan12
ip address 9.6.3.6 255.255.255.0
!
interface Vlan77
ip address 77.0.0.76 255.255.255.0
To Next Page
Loading...
