Network Security Firewalls

Re: problem with nac l2 ip configuration

Subject: Re: problem with nac l2 ip configuration
Date: Tue, 13 Jun 2006 20:25:36 +0200
Looks fine to me. I would look into the ACS 4.0 config; this is where the
real task is. Also do some debug eou to check if it's actually picking up on
your PC being inserted into a port.

Regards
Jan 

-----Original Message-----
From: boyakash@cp.goodydomains.com [mailto:boyakash@cp.goodydomains.com] on
behalf of nac@k-multimedia.de
Sent: 13 June 2006 18:58
To: firewalls@securityfocus.com
Subject: problem with nac l2 ip configuration

I am trying to configure NAC L2 IP on a Catalyst 3550. After finishing,
nothing happens. Here is my config file. Can someone see a fault in it?
Thanks for your help.

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
aaa new-model
aaa authentication eou default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
!
aaa session-id common
ip subnet-zero
ip admission name NAC-L2-IP eapoudp
!
ip dhcp snooping vlan 1000
ip dhcp snooping
ip device tracking
vtp domain nws
vtp mode transparent
!
!
!
!
!
eou logging
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 200,638
!
interface FastEthernet0/1
switchport mode access
ip access-group interfac_acl in
ip admission NAC-L2-IP
!
interface FastEthernet0/2
switchport mode dynamic desirable
......
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport access vlan 200
switchport mode dynamic desirable
speed 100
duplex full
ip dhcp snooping trust
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan200
ip address 10.0.200.1 255.255.255.0
!
interface Vlan1000
ip address 10.7.1.1 255.255.255.0
ip helper-address 10.0.200.2
!
ip classless
ip http server
ip http secure-server
ip radius source-interface Vlan200
!
ip access-list extended interface_acl
permit udp any any eq 21862
remark allow dhcp
permit udp any eq bootpc any eq bootps
remark allow dns
permit udp any any eq domain
remark allow http access to update server
permit tcp any host 10.0.200.30 eq www
remark allow icmp
permit icmp any any
remark implicit deny
deny ip any any
!
radius-server attribute 8 include-in-access-req
radius-server host 10.0.200.2 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key cisco123
radius-server vsa send authentication
!
control-plane
!
!
line con 0
line vty 5 13
line vty 14 15
exec-timeout 0 0
!
!
end


Sorry for my last post. Something went wrong when posting it.
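A mismatch that is easy to miss when reading a NAC config by eye: the port config applies `ip access-group interfac_acl in`, while the access list is defined as `ip access-list extended interface_acl`. The following script is an added example, not part of the post or of any Cisco tool. It is a small consistency linter for an IOS-style running config that checks interface references (access-group, ip admission, access VLAN) against their global definitions, and checks that VLANs used by DHCP snooping and SVIs have been created with a `vlan` statement. The embedded config is an excerpt of the one posted above with the ACL name mismatch kept as posted; the VLAN check assumes a VTP transparent switch, where every created VLAN appears in the running config, and the sub-command indentation is assumed to be the usual single space that `show running-config` prints.

```python
"""Consistency checks for a Cisco IOS-style switch configuration.

Added example (not the poster's or Cisco's code). It understands only the
handful of statements used in the NAC L2 IP config from the post.
"""
import re

# Excerpt of the posted configuration, trimmed to the lines the checks
# inspect. The ACL name on FastEthernet0/1 is exactly as posted.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication eou default group radius
ip admission name NAC-L2-IP eapoudp
ip dhcp snooping vlan 1000
ip dhcp snooping
vtp mode transparent
vlan 200,638
!
interface FastEthernet0/1
 switchport mode access
 ip access-group interfac_acl in
 ip admission NAC-L2-IP
!
interface FastEthernet0/24
 switchport access vlan 200
 ip dhcp snooping trust
!
interface Vlan200
 ip address 10.0.200.1 255.255.255.0
!
interface Vlan1000
 ip address 10.7.1.1 255.255.255.0
!
ip radius source-interface Vlan200
ip access-list extended interface_acl
 permit udp any any eq 21862
 deny ip any any
radius-server host 10.0.200.2 auth-port 1645 acct-port 1646
"""


def parse(config: str):
    """Split a config into global lines and per-interface sub-command lists."""
    global_lines, interfaces = [], {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None          # "!" ends an interface block
            continue
        if m := re.match(r"interface (\S+)$", line):
            current = m.group(1)
            interfaces[current] = []
            continue
        if current is not None and raw[:1] == " ":
            interfaces[current].append(line)   # indented sub-command
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def lint(config: str) -> list[str]:
    """Return a list of human-readable consistency problems (empty if clean)."""
    global_lines, interfaces = parse(config)
    problems = []
    acls, admissions, vlans = set(), set(), {1}   # VLAN 1 always exists

    # Collect global definitions first.
    for line in global_lines:
        if m := re.match(r"ip access-list (?:extended|standard) (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip admission name (\S+)", line):
            admissions.add(m.group(1))
        elif m := re.match(r"vlan ([\d,-]+)$", line):
            for part in m.group(1).split(","):      # handles "200,638" and "10-20"
                lo, _, hi = part.partition("-")
                vlans.update(range(int(lo), int(hi or lo) + 1))

    # Check every interface reference against those definitions.
    for name, sub in interfaces.items():
        for line in sub:
            if m := re.match(r"ip access-group (\S+) (in|out)", line):
                if m.group(1) not in acls:
                    problems.append(f"{name}: ip access-group references undefined ACL "
                                    f"{m.group(1)!r} (defined: {sorted(acls)})")
            elif m := re.match(r"ip admission (\S+)$", line):
                if m.group(1) not in admissions:
                    problems.append(f"{name}: ip admission references undefined rule {m.group(1)!r}")
            elif m := re.match(r"switchport access vlan (\d+)", line):
                if int(m.group(1)) not in vlans:
                    problems.append(f"{name}: access VLAN {m.group(1)} is not created")

    # Global statements that point at VLANs or interfaces.
    for line in global_lines:
        if m := re.match(r"ip dhcp snooping vlan (\d+)", line):
            if int(m.group(1)) not in vlans:
                problems.append(f"{line}: VLAN {m.group(1)} is not created with a 'vlan' statement")
        elif m := re.match(r"ip radius source-interface (\S+)", line):
            if m.group(1) not in interfaces:
                problems.append(f"{line}: interface {m.group(1)} does not exist")

    # An SVI whose VLAN was never created stays down on a transparent-mode switch.
    for name in interfaces:
        if (m := re.match(r"Vlan(\d+)$", name)) and int(m.group(1)) not in vlans:
            problems.append(f"{name}: SVI for VLAN {m.group(1)} not created with a 'vlan' statement")
    return problems


if __name__ == "__main__":
    for problem in lint(SAMPLE_CONFIG) or ["no problems found"]:
        print(problem)
```

Run against the excerpt, the linter reports the `interfac_acl` / `interface_acl` mismatch, and also that VLAN 1000 (used by `ip dhcp snooping vlan 1000` and the `Vlan1000` SVI) has no `vlan 1000` statement while 200 and 638 do; the `ip admission NAC-L2-IP` reference resolves cleanly. Whether the VLAN finding is real depends on the full running config, which the post elides.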


