Configure a NAC Policy - Cisco ROUTER-SDM-CD User Manual

Chapter 30
Network Admission Control
OL-4015-12

Configure these timeout values globally Check Box

Click this check box to have these values apply to all interfaces.

Configure a NAC Policy

A NAC policy enables the posture validation process on a router interface, and can
be used to specify the types of traffic that are to be exempt from posture validation
in the admission control process.

Name Field

Enter a name for the policy.

Select an Interface List

Choose the interface to which you want to apply the NAC policy. Choose an
interface that connects network clients to the router.

Admission Rule Field

You can use an access rule to exempt specific traffic from triggering the admission
control process. It is not required. Enter the name or the number of the access rule
that you want to use for the admission rule. You can also click the button to the
right of this field and browse for the access rule, or create a new access rule.

The access rule must contain deny statements that specify the traffic that is to be
exempted from the admission control process. No posture validation triggering
occurs if the access rule contains only deny statements.

An example of ACL entries for a NAC admission rule follows:

    deny udp any host 10.10.30.10 eq domain
    deny tcp any host 10.10.20.10 eq www
    permit ip any any

The first deny statement exempts traffic with a destination of port 53 (domain),
and the second statement exempts traffic with a destination of port 80 (www). The
permit statement ending the ACL ensures that posture validation occurs.
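
The admission-rule semantics described above can be checked offline before a rule is applied. The following is an added example, not code from the Cisco guide or from SDM: the function names are hypothetical, the parser accepts only the entry forms shown on this page, and the "broad exemption" finding is an added review heuristic rather than something the guide defines.

```python
import ipaddress

PORT_NAMES = {"domain": 53, "www": 80}  # IOS port keywords that appear on this page

def parse_ace(line):
    """Parse '<permit|deny> <proto> any <any | host A.B.C.D> [eq <port>]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[2] != "any":
        raise ValueError(f"unsupported ACE: {line!r}")
    action, proto, rest = tok[0], tok[1], tok[3:]
    if rest[0] == "any":
        dst, rest = None, rest[1:]
    elif rest[0] == "host" and len(rest) >= 2:
        dst, rest = ipaddress.ip_address(rest[1]), rest[2:]
    else:
        raise ValueError(f"unsupported destination: {line!r}")
    port = None
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError(f"unsupported port match: {line!r}")
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return action, proto, dst, port

def triggers_posture_validation(acl, proto, dst_ip, dst_port):
    """First matching entry decides: permit triggers validation, deny exempts."""
    dst_ip = ipaddress.ip_address(dst_ip)
    for action, a_proto, a_dst, a_port in acl:
        if a_proto in ("ip", proto) and a_dst in (None, dst_ip) and a_port in (None, dst_port):
            return action == "permit"
    return False  # implicit deny at the end of an IOS ACL: nothing triggers

def audit(acl):
    """Return findings for admission rules that silently weaken NAC."""
    findings = []
    if not any(action == "permit" for action, *_ in acl):
        findings.append("deny-only rule: posture validation never triggers")
    for action, proto, dst, port in acl:
        if action == "deny" and dst is None:
            findings.append(f"broad exemption: deny {proto} to any destination")
    return findings

# ACL entries from the page, plus a constructed deny-only variant for comparison.
PAGE_ACL = [parse_ace(l) for l in (
    "deny udp any host 10.10.30.10 eq domain",
    "deny tcp any host 10.10.20.10 eq www",
    "permit ip any any")]
DENY_ONLY = PAGE_ACL[:2]

if __name__ == "__main__":
    print(triggers_posture_validation(PAGE_ACL, "tcp", "10.10.20.10", 443))
    print(audit(DENY_ONLY))
```
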
Cisco Router and Security Device Manager 2.5 User's Guide
Edit NAC Tab