Network Security Firewalls

problem with nac l2 ip configuration

Subject: problem with nac l2 ip configuration
Date: 13 Jun 2006 16:57:50 -0000
I am trying to configure NAC L2 IP on a Catalyst 3550. After finishing, nothing
happens. Here is my config file. Can someone see a fault in it?
Thanks for your help

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
aaa new-model
aaa authentication eou default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
!
aaa session-id common
ip subnet-zero
ip admission name NAC-L2-IP eapoudp
!
ip dhcp snooping vlan 1000
ip dhcp snooping
ip device tracking
vtp domain nws
vtp mode transparent
!
!
!
!
!
eou logging
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 200,638
!
interface FastEthernet0/1
switchport mode access
ip access-group interfac_acl in
ip admission NAC-L2-IP
!
interface FastEthernet0/2
switchport mode dynamic desirable
......
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport access vlan 200
switchport mode dynamic desirable
speed 100
duplex full
ip dhcp snooping trust
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan200
ip address 10.0.200.1 255.255.255.0
!
interface Vlan1000
ip address 10.7.1.1 255.255.255.0
ip helper-address 10.0.200.2
!
ip classless
ip http server
ip http secure-server
ip radius source-interface Vlan200
!
ip access-list extended interface_acl
permit udp any any eq 21862
remark allow dhcp
permit udp any eq bootpc any eq bootps
remark allow dns
permit udp any any eq domain
remark allow http access to update server
permit tcp any host 10.0.200.30 eq www
remark allow icmp
permit icmp any any
remark implicent deny
deny ip any any
!
radius-server attribute 8 include-in-access-req
radius-server host 10.0.200.2 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key cisco123
radius-server vsa send authentication
!
control-plane
!
!
line con 0
line vty 5 13
line vty 14 15
exec-timeout 0 0
!
!
end


Sorry for my last post. Something went wrong when posting it.
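A consistency check that suits a configuration like the one posted: every ACL, admission rule and VLAN that a line refers to should also be defined somewhere in the file. This is an added example, not part of the original post; the function names and the sample excerpt are constructed for illustration, and the patterns cover only the command forms shown.

```python
import re

# Constructed excerpt modelled on the posted configuration (not the full file).
SAMPLE = """\
ip admission name NAC-L2-IP eapoudp
ip dhcp snooping vlan 1000
vlan 200,638
interface FastEthernet0/1
 ip access-group interfac_acl in
 ip admission NAC-L2-IP
interface FastEthernet0/24
 switchport access vlan 200
interface Vlan1000
!
ip access-list extended interface_acl
"""

def expand(spec):
    """Expand an IOS VLAN list such as '200,638' or '10-12' into a set of ids."""
    spans = (p.split("-") for p in spec.split(","))
    return {str(n) for s in spans for n in range(int(s[0]), int(s[-1]) + 1)}

# (is_definition, kind, regex); each regex captures the name or VLAN list.
PATTERNS = [
    (True, "acl", r"(?:ip access-list \w+|access-list) (\S+)"),
    (True, "rule", r"ip admission name (\S+)"),
    (True, "vlan", r"vlan ([\d,-]+)$"),
    (False, "acl", r"ip access-group (\S+) (?:in|out)"),
    (False, "rule", r"ip admission (?!name )(\S+)"),
    (False, "vlan", r"switchport access vlan (\d+)"),
    (False, "vlan", r"ip dhcp snooping vlan ([\d,-]+)$"),
    (False, "vlan", r"interface Vlan(\d+)$"),
]

def lint(config):
    """Return sorted (kind, name, context) for each reference with no definition."""
    defined = {"acl": set(), "rule": set(), "vlan": {"1"}}  # VLAN 1 always exists
    refs, ctx = set(), "global"
    for line in map(str.strip, config.splitlines()):
        if line.startswith(("interface ", "!")):  # track the current config context
            ctx = line.split()[1] if line[0] == "i" else "global"
        for is_def, kind, rx in PATTERNS:
            if m := re.match(rx, line):
                names = expand(m[1]) if kind == "vlan" else {m[1]}
                if is_def:
                    defined[kind] |= names
                else:
                    refs |= {(kind, n, ctx) for n in names}
    return sorted(r for r in refs if r[1] not in defined[r[0]])
```

Each tuple returned by `lint()` is a name to review against the rest of the file, not a diagnosis of why the feature is inactive.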
