Dell N-Series/OS6 Layer 3 Integration Script
This document provides the scripts required to complete the installation of the NAC Solution.
NAC Router Integration Script
config
!
ip access-list impulse_block
 permit ip any host 198.31.193.211
!
ip access-list intranet
 remark allow DNS
 permit udp any any eq domain
 remark allow DHCP
 permit udp any any eq bootps
 remark allow access to AD server (recommended)
 permit ip any host x.x.x.x
 remark allow access to AV server (recommended if applicable)
 permit ip any host x.x.x.x
 remark allow access to WSUS server (recommended if applicable)
 permit ip any host x.x.x.x
 remark allow RDP access to blocked hosts (optional)
 permit tcp any eq 3389 any
!
route-map impulse deny 10
 match ip address intranet
!
route-map impulse permit 20
 match ip address impulse_block
 set ip next-hop x.x.x.x (ip address of NAC appliance)
!
sflow 1 destination owner 1 x.x.x.x 50001 (ip address of NAC appliance)
sflow 1 polling gigabitethernet x/x/x 15 (L2 interfaces for test VLAN)
sflow 1 sampling gigabitethernet x/x/x 1024 (L2 interfaces for test VLAN)
!
interface fa/gi/vlanX (interface for test subnet)
 ip policy route-map impulse
 ip helper-address x.x.x.x (ip address of NAC appliance)
!
exit
!
exit

*Note – Be sure to also allow the NAC Enforcer access to the router if a VTY/SSH access-list is present on the router.
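A pre-paste check for a filled-in copy of the script above, added here as an example and not part of the vendor's script. It assumes that x.x.x.x, x/x/x and fa/gi/vlanX are placeholders and that trailing parenthetical text is annotation rather than CLI syntax; the sample config and its addresses are constructed.

```python
import re
# Constructed sample: a partly filled-in copy of the template (addresses are made up).
SAMPLE = """\
ip access-list impulse_block
 permit ip any host 198.31.193.211
ip access-list intranet
 remark allow access to AD server (recommended)
 permit ip any host x.x.x.x
route-map impulse deny 10
 match ip address intranet
route-map impulse permit 20
 match ip address impulse_block
 set ip next-hop 10.20.30.40 (ip address of NAC appliance)
sflow 1 polling gigabitethernet x/x/x 15
interface vlan 30
 ip policy route-map impulse
 ip helper-address 10.20.30.40
"""

# Assumption: these tokens are the template's placeholders and annotations.
PLACEHOLDER = re.compile(r"\bx\.x\.x\.x\b|\bx/x/x\b|\bfa/gi/vlanX\b", re.I)
ANNOTATION = re.compile(r"\s\([^)]*\)\s*$")

def lint_template(text):
    """Return (line_no, problem, line) for every line not ready to paste."""
    findings = []
    acls, referenced = set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line == "!":
            continue
        if line.startswith("ip access-list "):
            acls.add(line.split()[2])
        if line.startswith("match ip address "):
            referenced.append((no, line.split()[3], line))
        if line.startswith("remark "):
            continue  # remarks are free text; parentheses are fine here
        if PLACEHOLDER.search(line):
            findings.append((no, "unfilled placeholder", line))
        if ANNOTATION.search(line):
            findings.append((no, "template annotation left in command", line))
    for no, name, line in referenced:
        if name not in acls:  # a route-map match pointing at a missing ACL
            findings.append((no, "route-map references undefined ACL", line))
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_template(SAMPLE):
        print(finding)
```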
