Downloadable access control lists – IBM Tivoli and Cisco User Manual


Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Downloadable Access Control Lists

NAC L2/L3 IP uses EAPoUDP (EOU), which allows ACLs to be downloaded from the ACS to the NAD. In our example, the NAD will be a Cisco 3750 switch. The ACLs are downloaded on a per-user basis and are applied to the individual switch ports on a per-session basis. This section describes how to configure these downloadable ACLs.

1. From the main menu, select System Configuration.

2. From System Configuration, select Downloadable IP ACLs.

3. We have deleted all the sample ACLs to go through the process of creating them from scratch (Figure 7-63).

Figure 7-63 Downloadable ACL creation

4. Click Add.
