Verifying network admission control – IBM Tivoli and Cisco User Manual

302

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

7. Enabling the HTTP server is necessary for URL redirection. When URL

redirection is configured in the group configuration section, these URL
redirections are sent to the Cisco IOS Software NAD.

Router(config)# ip http server
Router(config)# ip http authentication aaa
Router(config)# no ip http secure-server

8. This command enables EAPoUDP system logging from the Cisco IOS

Software NAD to the console:

Router(config)# eou logging

Verifying Network Admission Control

To verify EAP and EAPoUDP messages or sessions, enter the

show eou

or

show

eou all

command. Example 7-3 shows sample output.

Example 7-3 Output of show eou and show eou all command

Router# show eou
Global EAPoUDP Configuration
----------------------------
EAPoUDP Version = 1
EAPoUDP Port = 0x5566
Clientless Hosts = Enabled
IP Station ID = Disabled
Revalidation = Enabled
Revalidation Period = 36000 Seconds
ReTransmit Period = 3 Seconds
StatusQuery Period = 300 Seconds
Hold Period = 180 Seconds
AAA Timeout = 60 Seconds
Max Retries = 3
EAP Rate Limit = 20
EAPoUDP Logging = Enabled
Clientless Host Username = clientless
Clientless Host Password = password
Interface Specific EAPoUDP Configurations
-----------------------------------------
Interface FastEthernet0/0
No interface specific configuration

Router# show eou all
------------------------------------------------------------------
Address Interface AuthType Posture-Token Age(min)
------------------------------------------------------------------