CHAPTER 33 Configuring Network Admission Control - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Configuring Basic Settings
The instructions in the following sections describe how to enter the minimum set of commands to
configure support for NAC on the security appliance:

- Specifying the Access Control Server Group
- Enabling NAC
- Configuring the Default ACL for NAC
- Configuring Exemptions from NAC

Note: See "Uses, Requirements, and Limitations" before following these instructions.

Specifying the Access Control Server Group
You must configure at least one Cisco Access Control Server to support NAC. Then use the aaa-server
host command to name the Access Control Server group even if the group contains only one server. Then
enter the following command in tunnel-group general-attributes configuration mode to specify the same
group as the group to be used for NAC posture validation:

nac-authentication-server-group server-group

server-group must match the server-tag variable specified in the aaa-server host command.
For example, enter the following command to specify acs-group1 as the authentication server group to
be used for NAC posture validation:

hostname(config-group-policy)# nac-authentication-server-group acs-group1
hostname(config-group-policy)#

To inherit the authentication server group from the default remote access group, access the alternative
group policy from which to inherit it, then enter the following command:

no nac-authentication-server-group

For example:

hostname(config-group-policy)# no nac-authentication-server-group
hostname(config-group-policy)#

Enabling NAC
To enable or disable NAC for a group policy, enter the following command in group-policy configuration
mode:

nac {enable | disable}

The following example enables NAC for the group policy:

hostname(config-group-policy)# nac enable
hostname(config-group-policy)#
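
The requirement that server-group match a server-tag defined with aaa-server host can be checked offline against a saved configuration. The following Python script is an added example, not part of the Cisco manual; the sample configuration, its names and its address are constructed, and the layout it parses (sub-commands indented under "tunnel-group ... general-attributes" and "group-policy ... attributes" headers) is an assumption about how the configuration was saved.

```python
import re

# Constructed sample in running-config style; names and address are made up.
SAMPLE_CONFIG = """\
aaa-server acs-group1 protocol radius
aaa-server acs-group1 (inside) host 192.0.2.10
tunnel-group remote-users general-attributes
 nac-authentication-server-group acs-group1
tunnel-group partners general-attributes
 nac-authentication-server-group acs-grp1
group-policy staff attributes
 nac enable
group-policy kiosk attributes
 nac disable
"""

HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+(?:\(\S+\)\s+)?host\s+\S+")
SECTION_RE = re.compile(r"^(tunnel-group|group-policy)\s+(\S+)\s+(?:general-)?attributes\s*$")
NAC_GROUP_RE = re.compile(r"^\s+nac-authentication-server-group\s+(\S+)")
NAC_STATE_RE = re.compile(r"^\s+nac\s+(enable|disable)\s*$")


def audit_nac(config):
    """Return (findings, nac_state) for an ASA-style configuration text."""
    server_tags, references, nac_state = set(), [], {}
    section = None
    for line in config.splitlines():
        # Assumption: an unindented line is a top-level command and ends any section.
        if line and not line[0].isspace():
            m = SECTION_RE.match(line)
            section = f"{m.group(1)} {m.group(2)}" if m else None
            h = HOST_RE.match(line)
            if h:
                server_tags.add(h.group(1))   # server-tag from "aaa-server ... host"
            continue
        g = section and NAC_GROUP_RE.match(line)
        if g:
            references.append((section, g.group(1)))
        s = section and NAC_STATE_RE.match(line)
        if s:
            nac_state[section] = s.group(1)
    findings = [
        f"{sec}: NAC server group '{grp}' has no aaa-server host entry"
        for sec, grp in references if grp not in server_tags
    ]
    if "enable" in nac_state.values() and not any(g in server_tags for _, g in references):
        findings.append("NAC is enabled but no valid NAC server group is configured")
    return findings, nac_state
```

Calling audit_nac(SAMPLE_CONFIG) reports the mistyped group acs-grp1 under tunnel-group partners and returns the nac enable/disable state recorded for each group policy.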
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01

This manual is also suitable for:

Pix 500 series, Cisco ASA 5500 series