In doc
http://www.cisco.com/en/US/customer/products/ps6350/products_configuration_guide_chapter09186a00804dfa81.html
with regard to the interface ACL it says
access-list access-list-number {permit | deny} protocol source destination
Example:
Router (config)# access-list 105 permit udp any any
or
Router (config)# access-list 105 permit ip host 192.168.0.2 any
or
Router (config)# access-list 105 deny ip any any
Normally "access-list 105 deny ip any any"
would block everything. Is NAC clever enough to allow EAPoUDP traffic through this ACL. If so what is the point of the previous 2 examples, if not what is the point of blocking everything