allow Web access and DNS access in case of manual remediation requirements or access to the intranet Web pages for help.

On the 3750 switch, enter the following verification command:

show dot1x interface fa1/0/5 detail

nac3750sa#sho dot1x interface fa1/0/5 detail

Dot1x Info for FastEthernet1/0/5

-----------------------------------

PAE

= AUTHENTICATOR

PortControl

= AUTO

ControlDirection

= Both

HostMode

= SINGLE_HOST

ReAuthentication

= Enabled

QuietPeriod

= 60

ServerTimeout

= 30

SuppTimeout

= 30

ReAuthPeriod

= (From Authentication Server)

ReAuthMax

= 2

MaxReq

= 2

TxPeriod

= 30

RateLimitPeriod

= 0

Guest-Vlan

= 15

Dot1x Authenticator Client List

-------------------------------

Supplicant

 

=

0011.25ce.f56c

Auth

SM State

=

AUTHENTICATED

Auth

BEND SM Stat =

IDLE

Port Status

 

=

AUTHORIZED

ReAuthPeriod

 

=

60

ReAuthAction

 

=

Reauthenticate

TimeToNextReauth

=

59

Authentication Method

=

Dot1x

Posture

 

=

Quarantine

Authorized By

=

Authentication Server

Vlan Policy

 

=

13

A full NAC Framework documentation reference guide can be found at:

http://www.cisco.com/en/US/partner/netsol/ns617/networking_solutions_ documentation_roadmap09186a008066499c.html

Configuring Cisco 3750 switch for NAC L2 IP

See “Configuring Cisco 3750 switch for NAC L2 802.1x” on page 292 for prerequisites.

Chapter 7. Network enforcement subsystem implementation

295

Page 313
Image 313
IBM Tivoli and Cisco manual Configuring Cisco 3750 switch for NAC L2 IP, 295