284 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Downloadable Access Control Lists
NAC L2/L3 IP uses EAPoUDP (EOU), which allows ACLs to be downloaded
from the ACS to the NAD. In our example, the NAD is a Cisco 3750 switch.
The ACLs are downloaded on a per-user basis and are applied to the individual
switch ports on a per-session basis. This section describes how to configure
these downloadable ACLs.
1. From the main menu, select System Configuration.
2. From System Configuration, select Downloadable IP ACLs.
3. We have deleted all the sample ACLs to go through the process of creating
them from scratch (Figure 7-63).
Figure 7-63 Downloadable ACL creation
4. Click Add.