Cisco Layer 3 Switch Integration Script (4500 SUP4-5)

This document provides scripts required to complete the installation of the NAC Solution

NAC Router Integration Script

Powershell
    
 
conf t!ip flow ingressip flow-export version 5ip flow-export source vlan x (replace x with switch management VLAN number and remove this comment)ip flow-export destination x.x.x.x 50001 (replace x.x.x.x with IP of NAC server and remove this comment)!ip access-list extended impulse_block permit ip any host 198.31.193.211!ip access-list extended intranet remark allow DNSpermit udp any any eq domain remark allow DHCPpermit udp any any eq bootps remark allow access to AD serverpermit ip any host x.x.x.x (Replace with IP of AD server and remove this comment)remark allow access to AV serverpermit ip any host x.x.x.x (Replace with IP of AV server and remove this comment)remark allow RDP access to blocked hosts permit tcp any eq 3389 any!route-map impulse deny 10 match ip address intranet!route-map impulse permit 20 match ip address impulse_blockset ip next-hop x.x.x.x (replace x.x.x.x with IP of NAC server and remove this comment)!interface vlan X (user test VLAN) ip policy route-map impulse ip helper-address x.x.x.x (replace x.x.x.x with IP of NAC server and remove this comment)!end
Copy

*Note – Be sure to also allow the NAC Enforcer access to the router if a VTY/SSH access-list is present on the router.

Last updated on

Was this page helpful?