Assigning A Nac Policy To A Group Policy; Changing Global Nac Framework Settings; Changing Clientless Authentication Settings - Cisco PIX 500 Series Configuration Manual


The following example removes all entries from the exemption list:
hostname(config-nac-policy-nac-framework)# no exempt-list
hostname(config-nac-policy-nac-framework)#
Assigning a NAC Policy to a Group Policy

Upon completion of each tunnel setup, the security appliance applies the NAC policy, if it is assigned to
the group policy, to the session.
To assign a NAC policy to a group policy, use the nac-settings command in group-policy configuration
mode, as follows:
[no] nac-settings { value nac-policy-name | none }
no nac-settings removes the nac-policy-name from the group policy. The group policy inherits the
nac-settings value from the default group policy.
nac-settings none removes the nac-policy-name from the group policy and disables the use of a NAC
policy for this group policy. The group policy does not inherit the nac-settings value from the default
group policy.
nac-settings value assigns the NAC policy you name to the group policy. To display the name and
configuration of each NAC policy, enter the show running-config nac-policy command.
By default, the nac-settings command is not present in the configuration of each group policy. The
security appliance automatically enables NAC for a group policy when you assign a NAC policy to it.
The following example command assigns the NAC policy named framework1 to the group policy:
hostname(config-group-policy)# nac-settings value framework1
hostname(config-group-policy)#

Changing Global NAC Framework Settings

The security appliance provides default settings for a NAC Framework configuration. Use the
instructions in this section to adjust these settings for adherence to the policies in force in your network.

Changing Clientless Authentication Settings

NAC Framework support for clientless authentication is configurable. It applies to hosts that do not have
a Cisco Trust Agent to fulfill the role of posture agent. The security appliance applies the default access
policy, sends the EAP over UDP request for posture validation, and the request times out. If the security
appliance is not configured to request a policy for clientless hosts from the Access Control Server, it
retains the default access policy already in use for the clientless host. If the security appliance is
configured to request a policy for clientless hosts from the Access Control Server, it does so and the
Access Control Server downloads the access policy to be enforced by the security appliance.

Cisco Security Appliance Command Line Configuration Guide, Chapter 33: Configuring Network Admission Control, page 33-8, OL-12172-03
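
The nac-settings rules in "Assigning a NAC Policy to a Group Policy" (absent means inherit from the default group policy, none means disabled with no inheritance, value means assigned) can be checked across a saved configuration. The following Python sketch is an added example, not part of the Cisco guide; the default group policy name DfltGrpPolicy, the layout of the group-policy blocks, and the sample configuration are assumptions constructed for illustration.

```python
import re

DEFAULT_GP = "DfltGrpPolicy"  # assumption: default group policy name; not stated on this page

# Constructed running-config excerpt for illustration (not from the manual).
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 nac-settings value framework1
group-policy Contractors internal
group-policy Contractors attributes
 vpn-tunnel-protocol IPSec
group-policy Printers internal
group-policy Printers attributes
 nac-settings none
"""

def parse_nac_settings(config):
    """Map group policy -> None (no nac-settings line), False (none) or policy name."""
    settings, current = {}, None
    for line in config.splitlines():
        head = re.match(r"group-policy (\S+) (\S+)", line)
        if head:
            settings.setdefault(head.group(1), None)
            current = head.group(1) if head.group(2) == "attributes" else None
        elif not line.startswith(" "):
            current = None  # left the group-policy attributes block
        elif current:
            nac = re.match(r"\s+nac-settings (?:(none)|value (\S+))\s*$", line)
            if nac:
                settings[current] = False if nac.group(1) else nac.group(2)
    return settings

def effective_nac(settings):
    """Resolve each group policy to (policy_name_or_None, reason) per the rules above."""
    default = settings.get(DEFAULT_GP) or None  # False/None -> nothing to inherit
    resolved = {}
    for gp, value in settings.items():
        if value is False:
            resolved[gp] = (None, "disabled by nac-settings none")
        elif value is None:
            resolved[gp] = (default if gp != DEFAULT_GP else None, "inherited from default")
        else:
            resolved[gp] = (value, "assigned")
    return resolved

def without_nac(resolved):
    """Group policies whose sessions get no NAC policy applied."""
    return sorted(gp for gp, (policy, _) in resolved.items() if policy is None)
```

Group policies returned by without_nac are the ones to review: their tunnels complete without posture validation, either because nac-settings none is set or because the default group policy has nothing to inherit.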
