
Configuring Cisco IOS Router for NAC L3 IP – IBM Tivoli and Cisco User Manual


Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Audit Session ID : 000000005222BFF40000001BC0A80B33
PostureToken : Quarantine
Age(min) : 0
URL Redirect : NO URL REDIRECT
URL Redirect ACL : Quarantine_ACL
ACL Name : #ACSACL#-IP-Quarantine_ACL-4514163a
User Name : CARE-SYSTEM:Markus
Revalidation Period : 3600 Seconds
Status Query Period : 30 Seconds
Current State : AUTHENTICATED

Figure 7-70 Corresponding Passed Authentications screen from the ACS

Configuring Cisco IOS Router for NAC L3 IP

Currently, NAC requires a Cisco IOS Software router running Cisco IOS
Software Release 12.3(8)T or later that includes the Cisco IOS Advanced
Security feature. The current router compatibility matrix can be found at:

http://www.cisco.com/en/US/partner/netsol/ns617/networking_solutions_documentation_roadmap09186a008066499c.html#wp1008583

This section describes how to configure the Cisco IOS Software device acting as
the NAD, which includes these steps:

1. Configuring AAA EOU Authentication Protocols and Authentication Proxy Authorization Protocols, AAA Setup, RADIUS Server Host and Key