Configuring Nac Session Attributes - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 33
Configuring Network Admission Control

Configuring NAC Session Attributes

The ASA provides default settings for the attributes that govern communication between the security
appliance and the remote host. These attributes specify the port number used to communicate with
posture agents on remote hosts and the expiration counters that limit communication with the posture
agents. The attributes, their default settings, and the commands you can enter to change them are as
follows:
OL-10088-01
Port number on the client endpoint to be used for EAP over UDP communication with posture agents.
The default port number is 21862. Enter the following command in global configuration mode to
change it:
eou port port_number
port_number must match the port number configured on the CTA. Enter a value in the range 1024
to 65535.
For example, enter the following command to change the port number for EAP over UDP
communication to 62445:
hostname(config)# eou port 62445
hostname(config)#
To change the port number to its default value, use the no form of this command, as follows:
no eou port
For example:
hostname(config)# no eou port
hostname(config)#
Retransmission retry timer
When the security appliance sends an EAP over UDP message to the remote host, it waits for a
response. If it fails to receive a response within n seconds, it resends the EAP over UDP message.
By default, the retransmission timer is 3 seconds. To change this value, enter the following command
in global configuration mode:
eou timeout retransmit seconds
seconds is a value in the range 1 to 60.
The following example changes the retransmission timer to 6 seconds:
hostname(config)# eou timeout retransmit 6
hostname(config)#
To change the retransmission retry timer to its default value, use the no form of this command, as
follows:
no eou timeout retransmit
For example:
hostname(config)# no eou timeout retransmit
hostname(config)#
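
The following Python script is an added example, not part of the Cisco guide. It reads a saved configuration snippet, applies the eou commands in order using the defaults and ranges stated above, and flags a port that does not match the CTA. The function names, the sample configuration, and the idea that the CTA port is known out of band are assumptions made for illustration.

```python
import re

# Defaults and ranges as stated in the guide text above.
DEFAULTS = {"port": 21862, "retransmit": 3}
RANGES = {"port": (1024, 65535), "retransmit": (1, 60)}
PATTERNS = {
    "port": re.compile(r"^(no\s+)?eou\s+port(?:\s+(\S+))?$"),
    "retransmit": re.compile(r"^(no\s+)?eou\s+timeout\s+retransmit(?:\s+(\S+))?$"),
}

def effective_eou_settings(config_text):
    """Return (settings, problems) after applying the commands in order."""
    settings, problems = dict(DEFAULTS), []
    for raw in config_text.splitlines():
        line = raw.strip()
        for key, pat in PATTERNS.items():
            m = pat.match(line)
            if not m:
                continue
            negated, value = m.groups()
            if negated:  # the "no" form restores the default
                settings[key] = DEFAULTS[key]
                continue
            lo, hi = RANGES[key]
            if value is None or not value.isdigit() or not lo <= int(value) <= hi:
                problems.append(f"{line!r}: {key} must be {lo}-{hi}")
            else:
                settings[key] = int(value)
    return settings, problems

def audit(config_text, cta_port):
    """cta_port: port configured on the CTA (assumed known out of band)."""
    settings, problems = effective_eou_settings(config_text)
    if settings["port"] != cta_port:
        problems.append(f"eou port {settings['port']} != CTA port {cta_port}")
    return settings, problems

# Constructed sample, not taken from a real device.
SAMPLE = """\
eou port 62445
eou timeout retransmit 6
eou timeout retransmit 90
no eou port
"""

if __name__ == "__main__":
    print(audit(SAMPLE, cta_port=62445))
```

In the sample, the trailing no eou port resets the port to 21862, so the audit reports a mismatch with a CTA configured for 62445 in addition to the out-of-range timer value.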
Cisco Security Appliance Command Line Configuration Guide
