IBM Tivoli and Cisco User Manual
Chapter 7. Network enforcement subsystem implementation
!
The access control lists (ACLs) that we used in our scenario are listed below:
access-list 110 remark **Healthy Sales VLAN ACLs**
access-list 110 deny ip any 192.168.13.0 0.0.0.255
access-list 110 deny ip any 192.168.14.0 0.0.0.255
access-list 110 deny ip any 192.168.15.0 0.0.0.255
access-list 110 permit ip any any
!
access-list 120 remark **Healthy Engineering VLAN ACLs**
access-list 120 deny ip any 192.168.13.0 0.0.0.255
access-list 120 deny ip any 192.168.14.0 0.0.0.255
access-list 120 deny ip any 192.168.15.0 0.0.0.255
access-list 120 permit ip any any
!
access-list 130 remark **Quarantine Sales VLAN ACLs**
access-list 130 permit icmp any host 192.168.9.220
access-list 130 permit icmp any host 192.168.104.10
access-list 130 permit ip any host 192.168.9.220
access-list 130 permit ip any host 192.168.104.10
access-list 130 permit udp any eq bootpc any eq bootps
access-list 130 deny ip any 192.168.11.0 0.0.0.255
access-list 130 deny ip any 192.168.12.0 0.0.0.255
access-list 130 deny ip any 192.168.14.0 0.0.0.255
access-list 130 deny ip any 192.168.15.0 0.0.0.255
access-list 130 permit tcp any any eq www
access-list 130 permit tcp any any eq domain
access-list 130 deny ip any any log
!
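An added example, not part of the original manual: a small Python first-match evaluator run over ACL 130 as listed above, useful for checking what a quarantined client can reach before the list is deployed. The function names and the sample packets (source 192.168.13.5, destination 10.1.1.1) are constructed for illustration, and only the keywords that appear in this listing are parsed.

```python
from ipaddress import IPv4Address as IP

# ACL 130 copied from the listing above (remark omitted); matching is first-match.
ACL_130 = """\
access-list 130 permit icmp any host 192.168.9.220
access-list 130 permit icmp any host 192.168.104.10
access-list 130 permit ip any host 192.168.9.220
access-list 130 permit ip any host 192.168.104.10
access-list 130 permit udp any eq bootpc any eq bootps
access-list 130 deny ip any 192.168.11.0 0.0.0.255
access-list 130 deny ip any 192.168.12.0 0.0.0.255
access-list 130 deny ip any 192.168.14.0 0.0.0.255
access-list 130 deny ip any 192.168.15.0 0.0.0.255
access-list 130 permit tcp any any eq www
access-list 130 permit tcp any any eq domain
access-list 130 deny ip any any log
"""
PORTS = {"www": 80, "domain": 53, "bootpc": 68, "bootps": 67}  # keywords used above

def _addr(tok):  # 'any' | 'host A' | 'A WILDCARD' -> (base, wildcard) as ints
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(first)), int(IP(tok.pop(0)))

def _port(tok):  # optional 'eq PORT'; None means any port
    if tok[:1] != ["eq"]:
        return None
    _eq, name = tok.pop(0), tok.pop(0)
    return PORTS.get(name) or int(name)

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop "access-list <number>"
        action, proto = tok.pop(0), tok.pop(0)
        src, sport = _addr(tok), _port(tok)
        dst, dport = _addr(tok), _port(tok)
        rules.append((action, proto, src, sport, dst, dport, line))
    return rules

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    s, d = int(IP(src)), int(IP(dst))
    for action, rproto, (sb, sw), rsport, (db, dw), rdport, line in rules:
        if (rproto in ("ip", proto) and (s | sw) == (sb | sw) and (d | dw) == (db | dw)
                and rsport in (None, sport) and rdport in (None, dport)):
            return action, line  # first matching entry decides
    return "deny", "implicit deny"
```

For example, `evaluate(parse(ACL_130), "tcp", "192.168.13.5", "192.168.11.20", 40000, 80)` returns the `deny ip any 192.168.11.0 0.0.0.255` entry, because the subnet denies are evaluated before `permit tcp any any eq www`. A UDP port 53 query to a host other than the two permitted ones falls through to the final logged deny, since the `eq domain` entry matches TCP only.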
access-list 140 remark **Quarantine Engineering VLAN ACLs**
access-list 140 permit icmp any host 192.168.9.220
access-list 140 permit icmp any host 192.168.104.10
access-list 140 permit ip any host 192.168.9.220
access-list 140 permit ip any host 192.168.104.10
access-list 140 permit udp any eq bootpc any eq bootps