Snippet from R1, acting as ASBR with a static route towards the external router, showing the redistribution of the external route into OSPF:
ip route 184.108.40.206 255.255.255.255 10.10.10.2 weight 1
ip route 220.127.116.11 255.255.255.255 10.10.10.2 enable
ip prefix-list StaticOSPFRedistribute 18.104.22.168/32 ge 32 le 32
route-map "OSPFStatic" 1
match network "StaticOSPFRedistribute"
redistribute static route-map "OSPFStatic"
redistribute static metric 10
redistribute static metric-type type1
redistribute static enable
#WARNING: Routes will not be injected until apply command is issued after enable command
ip ospf apply redistribute static
show ip route
show ip ospf redistribute
show ip prefix-list
show route-map detail
Create a rule for machine login that checks that the computer is a domain-joined machine. A Windows machine in a logged-out state will add “host/” in front of the hostname, and in order to authenticate the machine EAC needs to perform a User lookup in Active Directory.
This lookup uses the servicePrincipalName attribute. Add an LDAP authentication rule that matches host/* and searches AD using an LDAP Configuration that searches on servicePrincipalName. This means an additional LDAP Configuration is needed to look up machines and validate that they are allowed on the network. It can still use the same LDAP server as for User logins, but the attributes will be different.
This is covered by the following GTAC solution, which can be referenced and used for your own XMC EAC implementation. The key point to note is that in the End Systems table the Username column shows different information when nobody is logged into the machine and when somebody has logged in. This is why two LDAP Configurations are needed: one that covers Machine logins (servicePrincipalName) and one that covers Machine (cn) and User (sAMAccountName) logins.
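The split between the two lookups can be sketched in Python as follows. This is an added illustration, not Extreme Control's own logic or the GTAC solution: it routes host/* usernames to a servicePrincipalName search and everything else to a sAMAccountName search, escaping the supplied name so it cannot change the LDAP filter. The configuration labels, objectClass clauses and sample usernames are assumptions.

```python
from typing import Tuple

# Characters that RFC 4515 requires to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def select_ldap_lookup(username: str) -> Tuple[str, str]:
    """Map a supplied username to (configuration label, LDAP search filter).

    The labels "machine-spn" and "user-sam" are hypothetical names for the
    two LDAP Configurations; the objectClass clauses are assumptions.
    """
    name = username.strip()
    if name.lower().startswith("host/"):
        if len(name) == len("host/"):
            raise ValueError("machine name missing after host/")
        # Logged-out Windows machine: search on servicePrincipalName.
        value = escape_filter_value(name)
        return ("machine-spn",
                f"(&(objectClass=computer)(servicePrincipalName={value}))")
    # User login: drop a DOMAIN\ prefix or @realm suffix, search sAMAccountName.
    if "\\" in name:
        name = name.split("\\", 1)[1]
    name = name.split("@", 1)[0]
    if not name:
        raise ValueError("empty username")
    value = escape_filter_value(name)
    return ("user-sam",
            f"(&(objectCategory=person)(objectClass=user)(sAMAccountName={value}))")


if __name__ == "__main__":
    # Constructed sample usernames, not taken from the article.
    for sample in ("host/PC01.corp.example", "CORP\\alice", "host/*)(cn=*"):
        print(sample, "->", select_ldap_lookup(sample))
```

The third sample shows why the escaping matters: a username containing filter metacharacters is searched for literally instead of widening the match.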