IBM Tivoli and Cisco User Manual
Page 306
288
Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
3. Repeat step 3 on page 265 to step 12 on page 268, using the values listed in
Table 7-8 and Table 7-9. We used the names Healthy_L2IP_RAC and
Quarantine_L2IP_RAC.
Table 7-8 L2 IP Healthy RAC values
Table 7-9 L2 IP Quarantine RAC values
Note: These values are
instead of
the values listed previously, as opposed
to
in addition to
.
Vendor Attribute
Value
Cisco IOS/PIX 6.0
cisco-av-pair (1)
status-query-timeout=30
Cisco IOS/PIX 6.0
cisco-av-pair (1)
sec:pg=healthy_hosts
Cisco IOS/PIX 6.0
cisco-av-pair (1)
url-redirect-acl=healthy_acl
IETF
Session-Timeout (27)
3600
IETF
Termination-Action (29)
RADIUS-Request(1)
Vendor Attribute
Value
Cisco IOS/PIX 6.0
cisco-av-pair (1)
status-query-timeout=30
Cisco IOS/PIX 6.0
cisco-av-pair (1)
sec:pg=quarantine_hosts
Cisco IOS/PIX 6.0
cisco-av-pair (1)
url-redirect-acl=quarantine_acl
IETF
Session-Timeout (27)
3600
IETF
Termination-Action (29)
RADIUS-Request(1)
Note: The name of the ACL specified in the
url-redirect-acl
attribute must be
configured on the switch. It is case-sensitive and must match exactly. If it does
not match, it will not function on the switch. The syntax of the ACL must be
identical also. We suggest using extended access lists.