Cisco PIX 500 Series Configuration Manual page 721

Security appliance command line

Hide thumbs Also See for PIX 500 Series:

Administration manual (653 pages)

Quick start manual (72 pages)

User manual (60 pages)

Table of Contents

Configuring Network Admission Control

default-acl acl-1

reval-period 36000

sq-period 300

exempt-list os "Windows XP" filter acl-2

The first line of each NAC policy indicates its name and type (nac-framework).

nac-framework attributes displayed in response to the

reval-period

authentication-server-group

To display the assignment of NAC policies to group policies, enter the following command in privileged

show nac-policy

In addition to listing the NAC policy-to-group policy assignments, the CLI shows which NAC policies

are unassigned and the usage count for each NAC policy, as follows:

asa2(config)# show nac-policy

nac-policy framework1 nac-framework

applied session count = 0

applied group-policy count = 2

group-policy list:

nac-policy framework2 nac-framework is not in use.

asa2(config)#

The CLI shows the text "is not in use" next to the policy type if the policy is not assigned to any group

policies. Otherwise, the CLI displays the policy name and type on the first line and the usage data for

the group policies in subsequent lines.

show running-config nac-policy Command Fields

NAC default ACL applied before posture validation. Following

posture validation, the security appliance replaces the default ACL

with the one obtained from the Access Control Server for the remote

host. The security appliance retains the default ACL if posture

validation fails.

Number of seconds between each successful posture validation in a

NAC Framework session.

Number of seconds between each successful posture validation in a

NAC Framework session and the next query for changes in the host

Operating system names that are exempt from posture validation.

Also shows an optional ACL to filter the traffic if the remote

computer's operating system matches the name.

name of the of authentication server group to be used for NAC posture

GroupPolicy2

Cisco Security Appliance Command Line Configuration Guide

Viewing the NAC Policies on the Security Appliance

show running-config nac-policy

GroupPolicy1

explains the fields in the

explains the

show nac-policy

Troubleshooting

Asa 5500 series

Cisco PIX 500 Series Configuration Manual page 721

Troubleshooting

Related Manuals for Cisco PIX 500 Series

Related Products for Cisco PIX 500 Series

This manual is also suitable for:

Table of Contents