Date: Mon, 13 Jun 2005 12:26:10 -0400
Hello all,
As we move forward with our implementation of Cisco Clean Access, we require
that anyone using a device that does not have a web browser (and cannot log
in) must register that device's MAC address.
We've created a role for these devices that we believe encompasses those
needed by Xbox, PS2, and TiVo.
Anyone else taking this approach and want to compare notes? (I've included
our role policy below).
Thanks,
Bob Black
IT Services
Miami University
Here is the current definition of our role:
Action  Prot  Untrusted  Trusted
Allow   UDP   *:*        *:53
Allow   UDP   *:53       *:*
Allow   UDP   *:*        *:68
Allow   TCP   *:*        *:68
Allow   UDP   *:68       *:*
Allow   TCP   *:*        204.176.49.0/255.255.255.0:80
Allow   UDP   *:*        *:88
Allow   UDP   *:88       *:*
Allow   UDP   *:*        204.176.49.0/255.255.255.0:123
Allow   UDP   *:*        *:1900
Allow   UDP   *:1900     *:*
Allow   TCP   *:*        204.176.49.0/255.255.255.0:3004
Allow   UDP   *:*        *:3074
Allow   TCP   *:*        *:3074
Allow   TCP   *:3074     *:*
Allow   UDP   *:3074     *:*
Allow   UDP   *:*        *:4000
Allow   TCP   *:*        *:4000
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8080
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8081
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8082
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8083
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8084
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8085
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8086
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8087
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8088
Allow   TCP   *:*        204.176.49.0/255.255.255.0:8089
Allow   UDP   *:*        *:10070
Allow   TCP   *:*        *:10070
Allow   TCP   *:*        *:10071
Allow   TCP   *:*        *:10072
Allow   TCP   *:*        *:10073
Allow   TCP   *:*        *:10074
Allow   TCP   *:*        *:10075
Allow   TCP   *:*        *:10076
Allow   TCP   *:*        *:10077
Allow   TCP   *:*        *:10078
Allow   TCP   *:*        *:10079
Allow   TCP   *:*        *:10080
Block   ALL
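
For anyone comparing role policies in this format, the following is an added example (not part of the original message and not Cisco's code) that parses rows written like the ones above and reports how a given flow would be handled. It assumes first-match evaluation with a final block, takes the spaces around the mask and port as closed up, and uses a constructed subset of the rows with constructed test addresses.

```python
import ipaddress

# Constructed subset of the role posted above (same four columns, same syntax).
POLICY = """\
Allow UDP *:* *:53
Allow UDP *:53 *:*
Allow TCP *:* 204.176.49.0/255.255.255.0:80
Allow UDP *:* *:3074
Block ALL
"""

def parse_endpoint(text):
    """'host:port' -> (network or None, port or None); '*' means any."""
    host, port = text.rsplit(":", 1)
    net = None if host == "*" else ipaddress.ip_network(host, strict=False)
    return net, (None if port == "*" else int(port))

def parse_policy(text):
    """Return a list of (action, proto, untrusted, trusted) tuples in file order."""
    rules = []
    for fields in (line.split() for line in text.splitlines() if line.strip()):
        if fields[1].upper() == "ALL":  # catch-all row such as "Block ALL"
            rules.append((fields[0], None, (None, None), (None, None)))
        else:
            action, proto, untrusted, trusted = fields
            rules.append((action, proto.upper(),
                          parse_endpoint(untrusted), parse_endpoint(trusted)))
    return rules

def endpoint_matches(endpoint, ip, port):
    net, want_port = endpoint
    return ((net is None or ipaddress.ip_address(ip) in net)
            and (want_port is None or port == want_port))

def decide(rules, proto, u_ip, u_port, t_ip, t_port):
    """Assumed semantics: first matching rule wins; no match means Block."""
    for action, rule_proto, untrusted, trusted in rules:
        if (rule_proto in (None, proto)
                and endpoint_matches(untrusted, u_ip, u_port)
                and endpoint_matches(trusted, t_ip, t_port)):
            return action
    return "Block"

def trusted_side_unrestricted(rules):
    """Allow rows whose Trusted column is *:* (only the untrusted side is constrained)."""
    return [r for r in rules if r[0] == "Allow" and r[3] == (None, None)]

RULES = parse_policy(POLICY)
```

Rows returned by `trusted_side_unrestricted` are the ones to look at first when two sites compare notes, since they are the broadest entries in the role.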