Cisco Clean Access 3.5
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 8 User Management: Traffic Control, Bandwidth, Schedule
Example Traffic Policies
Allowing Authentication Server Traffic for Windows Domain Authentication
If you want users on the network to be able to authenticate to a Windows domain before
authenticating to Cisco Clean Access, the following minimum policies allow users in the
Unauthenticated role access to the AD (NTLM) login servers:
Allow TCP *:* Server/255.255.255.255: 88
Allow UDP *:* Server/255.255.255.255: 88
Allow TCP *:* Server/255.255.255.255: 389
Allow UDP *:* Server/255.255.255.255: 389
Allow TCP *:* Server/255.255.255.255: 445
Allow UDP *:* Server/255.255.255.255: 445
Allow TCP *:* Server/255.255.255.255: 135
Allow UDP *:* Server/255.255.255.255: 135
Allow TCP *:* Server/255.255.255.255: 3268
Allow UDP *:* Server/255.255.255.255: 3268
Allow TCP *:* Server/255.255.255.255: 139
Allow TCP *:* Server/255.255.255.255: 1025
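The following audit sketch is an added example, not part of the Cisco guide. It parses policy lines in the notation shown above, evaluates a flow against them, and reports where a role's configured policies fall short of or exceed the minimum list. The function names, the first-match and default-block evaluation, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Ports from the list above; "Server" is the page's placeholder for the
# domain controller address.
BOTH, TCP_ONLY = (88, 389, 445, 135, 3268), (139, 1025)
MINIMUM = "\n".join(
    [f"Allow {p} *:* Server/255.255.255.255: {n}" for n in BOTH for p in ("TCP", "UDP")]
    + [f"Allow TCP *:* Server/255.255.255.255: {n}" for n in TCP_ONLY])

RULE = re.compile(
    r"^(Allow|Block)\s+(TCP|UDP)\s+\*:\*\s+(\S+)/(\d+(?:\.\d+){3}):\s*(\d+)$")

def parse(text, server):
    """Turn policy lines into (action, proto, network, port) tuples."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unrecognized policy line: {line!r}")
        action, proto, host, mask, port = m.groups()
        host = server if host == "Server" else host
        net = ipaddress.ip_network(f"{host}/{mask}", strict=False)
        rules.append((action, proto, net, int(port)))
    return rules

def permitted(rules, proto, dst, port):
    """First matching rule wins; no match means blocked (assumed semantics)."""
    addr = ipaddress.ip_address(dst)
    for action, r_proto, net, r_port in rules:
        if r_proto == proto and r_port == port and addr in net:
            return action == "Allow"
    return False

def audit(configured, baseline):
    """Return (missing, extra) Allow rules relative to the baseline."""
    want = {r for r in baseline if r[0] == "Allow"}
    have = {r for r in configured if r[0] == "Allow"}
    return sorted(want - have, key=str), sorted(have - want, key=str)

if __name__ == "__main__":
    dc = "192.0.2.10"  # constructed documentation address for the DC
    base = parse(MINIMUM, dc)
    # Constructed role config: one rule dropped, one broad rule added.
    cfg = MINIMUM.replace("Allow UDP *:* Server/255.255.255.255: 389\n", "")
    cfg += "\nAllow TCP *:* 192.0.2.0/255.255.255.0: 3389"
    missing, extra = audit(parse(cfg, dc), base)
    print("missing from role:", missing)
    print("beyond minimum (pre-auth exposure):", extra)
```

Any rule reported as extra is reachable before the user has authenticated to Cisco Clean Access, so each one deserves a justification.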
Allowing Gaming Ports
To allow gaming services, such as Microsoft Xbox Live, it is recommended that you create a gaming
user role and add a filter for the device MAC addresses (under Device Management > Filters >
Devices > New) to place the devices into that gaming role. You can then create traffic policies for
the role to allow traffic for gaming ports.
Microsoft Xbox
The following are suggested policies to allow access for Microsoft Xbox ports:
• Kerberos-Sec (UDP); Port 88; UDP; Send Receive
• DNS Query (UDP); Port 53; Send 3074 over UDP/TCP
• Game Server Port (TCP): 22042
• Voice Chat Port (TCP/UDP): 22043-22050
• Peer Ping Port (UDP): 13139
• Peer Query Port (UDP): 6500