Cisco Router and Security Device Manager Version 2.2 Users Guide
OL-4015-08
Chapter 22 Network Admission Control
Create NAC Tab

NAC Router Management Access

Hosts logging on to SDM must be exempt from NAC validation. Specify the
interfaces through which SDM can be run, and specify the hosts that are to be
exempt from NAC validation so that users can launch SDM on them.

Select the Interface Area

Select the interfaces through which users must be able to launch SDM. The
interfaces listed in this area are those that you selected for NAC configuration.

Source Host/Network Area

If you want to exempt a single host from NAC validation, choose Host Address
and enter the IP address of a host. Choose Network Address and enter the address
of a network and a subnet mask to exempt hosts on that network from NAC
validation. The host or network must be accessible from the interfaces that you
specified. Choose Any to exempt any host connected to the specified interfaces
from NAC validation.

Open Interface ACL

SDM checks the ACLs applied to the NAC interfaces to determine if they block
any traffic used during the NAC validation process and reports what it finds in this
screen.
Each NAC interface is listed, along with the service currently being blocked on
that interface, and the ACL that is blocking it. If you want SDM to modify the
ACL to allow the traffic listed, check the Modify box in the appropriate row. If
you want to see the entry that SDM will add to the ACL, click the Details button.
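
The kind of check this screen reports can be reproduced offline against a saved ACL. The following is an added example, not SDM's own code: it assumes a simplified extended-ACL grammar, UDP ports 53, 67 and 123 for DNS, DHCP and NTP, and a constructed sample ACL.

```python
import ipaddress

# UDP services the page names as examples (ports assumed: DNS 53, DHCP 67, NTP 123).
SERVICES = {"DNS": 53, "DHCP": 67, "NTP": 123}
PORT_NAMES = {"domain": 53, "bootps": 67, "ntp": 123}

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tok):  # consumes 'any', 'host A' or 'A WILDCARD'
    first = tok.pop(0)
    if first in ("any", "host"):
        return (0, 0xFFFFFFFF) if first == "any" else (_ip(tok.pop(0)), 0)
    return _ip(first), _ip(tok.pop(0))

def parse_entry(line):
    """Parse a simplified 'access-list N action proto src dst [eq port]' line."""
    tok = line.split()[2:]
    action, proto = tok.pop(0), tok.pop(0)
    src = _take_addr(tok)
    if tok[:1] == ["eq"]:  # optional source port, not needed for this check
        del tok[:2]
    dst = _take_addr(tok)
    name = tok[1] if tok[:1] == ["eq"] else None
    port = None if name is None else int(PORT_NAMES.get(name, name))
    return action, proto, src, dst, port

def _matches(addr, base, wild):
    return (_ip(addr) | wild) == (base | wild)

def first_match(acl, src, dst, dport):
    """First-match evaluation of a UDP packet, ending in the implicit deny."""
    for line in acl:
        action, proto, s, d, port = parse_entry(line)
        if (proto in ("ip", "udp") and _matches(src, *s)
                and _matches(dst, *d) and port in (None, dport)):
            return action, line
    return "deny", "(implicit deny)"

def blocked_services(acl, src, dst):
    hits = {name: first_match(acl, src, dst, port) for name, port in SERVICES.items()}
    return {name: line for name, (action, line) in hits.items() if action == "deny"}

ACL_100 = [  # constructed sample, not taken from the page
    "access-list 100 permit udp any any eq ntp",
    "access-list 100 permit tcp any any eq 80",
    "access-list 100 deny ip 10.0.0.0 0.255.255.255 any",
]
print(blocked_services(ACL_100, "10.1.1.5", "192.0.2.53"))
```

Because evaluation stops at the first matching entry, the result names the entry responsible for each blocked service, including the implicit deny when no entry matches.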
In the following table, two interfaces have been configured for NAC, Ethernet0/0
and FastEthernet0/0. DNS and DHCP services are blocked on Ethernet0/0 and
NTP traffic is blocked on FastEthernet0/0.

Interface      Service   ACL             Action
Ethernet0/0    DNS       100 (INBOUND)   [ ] Modify
Ethernet0/0    DHCP      100 (INBOUND)   [ ] Modify