IBM Tivoli and Cisco manual Downloadable Access Control Lists, Downloadable ACL creation

Downloadable Access Control Lists

NAC L2/L3 IP uses EAPoUDP (EOU), which allows for ACLs to be downloaded from the ACS to the NAD. In our example, the NAD will be a Cisco 3750 switch. The ACLs are downloaded on a per-user basis and are applied to the individual switch ports on a per-session basis. The section describes how to configure these downloadable ACLs.

1.From the main menu, select System Configuration.

2.From System Configuration, select Downloadable IP ACLs.

3.We have deleted all the sample ACLs to go through the process of creating them from scratch (Figure 7-63).

Figure 7-63 Downloadable ACL creation

4. Click Add.

284Building a Network Access Control Solution with IBM Tivoli and Cisco Systems