If implementing an out-of-band CCA solution, with a router acting as the Network Access Device (NAD), would the Intercept ACL standard config be to allow access to the network, or just to the submet where the AAA Policy Server, etc are?
If there are URLs to examples, that would help too.
Thanks!