Configuring Basic Settings
The instructions in the following sections describe how to enter the minimum set of commands to
configure support for NAC on the security appliance:
• Specifying the Access Control Server Group
• Enabling NAC
• Configuring the Default ACL for NAC
• Configuring Exemptions from NAC
Note: See Uses, Requirements, and Limitations before following these instructions.
Specifying the Access Control Server Group
You must configure at least one Cisco Access Control Server to support NAC. Then use the aaa-server
host command to name the Access Control Server group even if the group contains only one server. Then
enter the following command in tunnel-group general-attributes configuration mode to specify the same
group as the group to be used for NAC posture validation:
nac-authentication-server-group server-group
server-group must match the server-tag variable specified in the aaa-server host command.
For example, enter the following command to specify acs-group1 as the authentication server group to
be used for NAC posture validation:
hostname(config-group-policy)# nac-authentication-server-group acs-group1
hostname(config-group-policy)#
To inherit the authentication server group from the default remote access group, access the alternative
group policy from which to inherit it, then enter the following command:
no nac-authentication-server-group
For example:
hostname(config-group-policy)# no nac-authentication-server-group
hostname(config-group-policy)#
Enabling NAC
To enable or disable NAC for a group policy, enter the following command in group-policy configuration
mode:
nac {enable | disable}
The following example enables NAC for the group policy:
hostname(config-group-policy)# nac enable
hostname(config-group-policy)#
Chapter 33, Configuring Network Admission Control
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01
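The rule above that server-group must match the server-tag from the aaa-server host command can be checked offline against a saved configuration. The following is an added example, not part of the Cisco guide: the function name audit_nac, the sample configuration and its addresses are constructed, and it assumes subcommands are indented with a leading space and that aaa-server host lines may carry an optional interface name in parentheses.

```python
import re

# Constructed sample configuration (not from the guide); the address is a documentation range.
SAMPLE_CONFIG = """\
aaa-server acs-group1 protocol radius
aaa-server acs-group1 (inside) host 192.0.2.10
group-policy sales attributes
 nac-authentication-server-group acs-group1
 nac enable
group-policy partners attributes
 nac-authentication-server-group acs-grp1
 nac enable
group-policy lab attributes
 no nac-authentication-server-group
 nac disable
"""

AAA_HOST = re.compile(r"^aaa-server\s+(\S+)\s+(?:\(\S+\)\s+)?host\s+\S+")
NAC_GROUP = re.compile(r"^nac-authentication-server-group\s+(\S+)")


def audit_nac(config):
    """Return (findings, nac_enabled_sections) for an ASA-style configuration text."""
    tags, refs, enabled = set(), [], []
    section = "(global)"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):      # an unindented line opens a new section
            section = line
            m = AAA_HOST.match(line)
            if m:
                tags.add(m.group(1))     # server-tag defined by aaa-server host
            continue
        m = NAC_GROUP.match(line)        # the "no" form does not match and means inherit
        if m:
            refs.append((section, m.group(1)))
        elif line == "nac enable":
            enabled.append(section)
    # Compare after the full pass so definition order in the file does not matter.
    findings = [f"{sec}: server group '{name}' has no aaa-server host entry"
                for sec, name in refs if name not in tags]
    if enabled and not refs:
        findings.append("NAC is enabled but no nac-authentication-server-group is set")
    return findings, enabled
```

In the sample, the partners policy references acs-grp1, a misspelling of the defined tag, so it is the only section reported.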