Cisco Layer 3 Switch Integration Script (6500 SUP720)
This document provides the configuration script required to complete the installation of the NAC solution on a Cisco Catalyst 6500 with a Supervisor 720.
NAC Router Integration Script
conf t
!
mls flow ip interface-full
mls nde sender
no mls aclmerge odm optimizations
!
ip flow-export destination x.x.x.x 50001   (Replace with IP of AD server and remove this comment)
!
ip access-list extended impulse_block
 permit ip any host 198.31.193.211
!
ip access-list extended intranet
 remark allow DNS
 permit udp any any eq domain
 remark allow DHCP
 permit udp any any eq bootps
 remark allow access to AD server
 permit ip any host x.x.x.x   (Replace with IP of AD server and remove this comment)
 remark allow access to AV server
 permit ip any host x.x.x.x   (Replace with IP of AV server and remove this comment)
 remark allow RDP access to blocked hosts
 permit tcp any eq 3389 any
!
route-map impulse deny 10
 match ip address intranet
!
route-map impulse permit 20
 match ip address impulse_block
 set ip next-hop x.x.x.x   (Replace with IP of AD server and remove this comment)
!
interface vlan X   (Layer 3 interface(s) which is/are the default gateway for the subnet(s) to be placed under policy – recommend a test subnet first; remove this comment)
 ip policy route-map impulse
 ip flow ingress
 ip helper-address x.x.x.x   (Replace with IP of NAC appliance and remove this comment)
!
end

*Note – Be sure to also allow the NAC Enforcer access to the router if a VTY/SSH access-list is present on the router.

*Note – Sequence 10 of the route-map is a deny entry: traffic permitted by the intranet ACL (DNS, DHCP, the AD and AV servers, and RDP replies from blocked hosts) is excluded from policy routing and follows the normal routing table. Only traffic permitted by impulse_block is sent to the configured next hop. The address given to set ip next-hop must be on a subnet directly connected to the switch; plain set ip next-hop does not resolve the next hop through the routing table.
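The following is an added example, not part of the original integration script and not code from the NAC vendor: a small Python model of the route-map logic above, so the redirect behaviour can be checked against sample traffic before the policy is applied to a production VLAN. It reproduces the two ACLs and the two route-map sequences with first-match and implicit-deny semantics. The AD server, AV server and next-hop addresses are constructed stand-ins for the x.x.x.x placeholders; 198.31.193.211 is the host from the page's impulse_block ACL. The sample packets are constructed, not captured.

```python
"""Added example (not from the original page): model of the "impulse" route-map.
Sequence 10 is a deny entry, so packets the "intranet" ACL permits are excluded
from policy routing and follow the routing table; sequence 20 forwards what
"impulse_block" permits to the next hop; anything matching neither is routed
normally.  Addresses below are assumed values for the page's x.x.x.x placeholders."""
from dataclasses import dataclass
import re

AD_SERVER = "10.0.0.10"          # assumed value for x.x.x.x (AD server)
AV_SERVER = "10.0.0.20"          # assumed value for x.x.x.x (AV server)
NEXT_HOP = "10.0.0.5"            # assumed value for the "set ip next-hop" address
IMPULSE_HOST = "198.31.193.211"  # from the page's impulse_block ACL

PORT_NAMES = {"domain": 53, "bootps": 67}  # IOS port keywords used on the page

# The two ACLs from the page, with the placeholders filled in.
ACLS = {
    "intranet": [
        "permit udp any any eq domain",
        "permit udp any any eq bootps",
        f"permit ip any host {AD_SERVER}",
        f"permit ip any host {AV_SERVER}",
        "permit tcp any eq 3389 any",
    ],
    "impulse_block": [f"permit ip any host {IMPULSE_HOST}"],
}
# route-map impulse: (action, ACL) per sequence, in order
ROUTE_MAP = [("deny", "intranet"), ("permit", "impulse_block")]


@dataclass
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


def parse_ace(line):
    """Parse an entry of the form used on the page:
    permit|deny <proto> (any|host A) [eq P] (any|host A) [eq P]"""
    tok = line.split()
    action, proto, i = tok[0], tok[1], 2
    fields = []
    for _ in range(2):                      # source, then destination
        if tok[i] == "any":
            addr, i = None, i + 1
        elif tok[i] == "host":
            addr, i = tok[i + 1], i + 2
        else:
            raise ValueError(f"unsupported address form in: {line}")
        port = None
        if i < len(tok) and tok[i] == "eq":
            port = PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1])
            i += 2
        fields += [addr, port]
    return (action, proto, *fields)         # (action, proto, src, sport, dst, dport)


def ace_matches(ace, pkt):
    action, proto, src, sport, dst, dport = ace
    return ((proto == "ip" or proto == pkt.proto)
            and src in (None, pkt.src) and sport in (None, pkt.sport)
            and dst in (None, pkt.dst) and dport in (None, pkt.dport))


def acl_permits(name, pkt):
    """First matching entry wins; the implicit deny at the end catches the rest."""
    for line in ACLS[name]:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace[0] == "permit"
    return False


def policy_route(pkt):
    """Return 'normal' (routing table) or the next-hop address the packet is sent to."""
    for action, acl in ROUTE_MAP:
        if acl_permits(acl, pkt):
            return "normal" if action == "deny" else NEXT_HOP
    return "normal"                         # no sequence matched: not policy routed


def unreplaced_placeholders(config_text):
    """Lines of a rendered config still carrying x.x.x.x or the editing instructions."""
    return [l.strip() for l in config_text.splitlines()
            if "x.x.x.x" in l or re.search(r"\([Rr]eplace", l)]


if __name__ == "__main__":
    samples = {  # constructed traffic from a client on the policed VLAN
        "DNS query":        Packet("udp", "192.168.1.50", 5353, "198.51.100.53", 53),
        "DHCP discover":    Packet("udp", "0.0.0.0", 68, "255.255.255.255", 67),
        "SMB to AD":        Packet("tcp", "192.168.1.50", 49200, AD_SERVER, 445),
        "RDP reply":        Packet("tcp", "192.168.1.50", 3389, "192.168.2.7", 51000),
        "HTTPS to impulse": Packet("tcp", "192.168.1.50", 49201, IMPULSE_HOST, 443),
        "HTTP elsewhere":   Packet("tcp", "192.168.1.50", 49202, "203.0.113.9", 80),
    }
    for name, pkt in samples.items():
        print(f"{name:18s} -> {policy_route(pkt)}")
```

Running the model shows that, with impulse_block written as on the page, only traffic addressed to 198.31.193.211 is redirected to the next hop; general web traffic from the subnet matches neither ACL and is routed normally. If the intent is to redirect all non-exempt traffic, impulse_block has to permit it explicitly. The unreplaced_placeholders helper is a pre-deployment check: run it over the pasted script and refuse to apply it while any x.x.x.x or "(Replace ...)" text remains, since IOS will reject those lines.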
