Cisco Systems 2.5 Network Router User Manual


Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 30 Network Admission Control
Edit NAC Tab
Configure these timeout values globally Check Box
Click this check box to have these values apply to all interfaces.
Configure a NAC Policy
A NAC policy enables the posture validation process on a router interface, and can
be used to specify the types of traffic that are to be exempt from posture validation
in the admission control process.
Name Field
Enter a name for the policy.
Select an Interface List
Choose the interface to which you want to apply the NAC policy. Choose an
interface that connects network clients to the router.
Admission Rule Field
You can use an access rule to exempt specific traffic from triggering the
admission control process. An admission rule is optional. Enter the name or the
number of the access rule that you want to use for the admission rule. You can
also click the button to the right of this field and browse for the access rule,
or create a new access rule.
The access rule must contain deny statements that specify the traffic that is to
be exempted from the admission control process. If the access rule contains only
deny statements, posture validation is never triggered.
An example of ACL entries for a NAC admission rule follows:
    deny udp any host 10.10.30.10 eq domain
    deny tcp any host 10.10.20.10 eq www
    permit ip any any
The first deny statement exempts UDP traffic to host 10.10.30.10 with a
destination of port 53 (domain), and the second statement exempts TCP traffic to
host 10.10.20.10 with a destination of port 80 (www). The permit statement
ending the ACL ensures that posture validation occurs for all other traffic.
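Added example (not from the Cisco guide): a small Python model of how the admission rule above is evaluated, assuming first-match ACL semantics and the implicit deny that ends every IOS ACL. The function names and the lint checks are constructed for illustration, and only the "any", "host" and "eq" forms used in the manual's example are parsed.

```python
import ipaddress

PORTS = {"domain": 53, "www": 80}  # port keywords used in the manual's ACL

def parse_entry(line):
    """Parse 'action proto src dst [eq port]'; src/dst are 'any' or 'host A.B.C.D'."""
    tok = line.split()
    action, proto, i, addrs = tok[0], tok[1], 2, []
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line}")
    for _ in range(2):  # source, then destination
        if tok[i] == "any":
            addrs.append(None)
            i += 1
        elif tok[i] == "host":
            addrs.append(ipaddress.ip_address(tok[i + 1]))
            i += 2
        else:
            raise ValueError(f"unsupported address form in: {line}")
    port = None
    if i < len(tok):
        if tok[i] != "eq":
            raise ValueError(f"unsupported port operator in: {line}")
        port = PORTS.get(tok[i + 1]) or int(tok[i + 1])
    return {"action": action, "proto": proto, "src": addrs[0], "dst": addrs[1], "port": port}

def admission_decision(acl, proto, src, dst, dport):
    """First match wins: deny exempts the packet, permit triggers posture validation."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in acl:
        if (e["proto"] in ("ip", proto) and e["src"] in (None, src)
                and e["dst"] in (None, dst) and e["port"] in (None, dport)):
            return "validate" if e["action"] == "permit" else "exempt"
    return "exempt"  # implicit deny ending every IOS ACL: nothing triggers

def lint(acl):
    """Flag rules that silently disable or bypass posture validation."""
    warnings = []
    if not any(e["action"] == "permit" for e in acl):
        warnings.append("no permit entry: posture validation never triggers")
    for e in acl:
        if e["action"] == "deny" and e["dst"] is None and e["port"] is None:
            warnings.append(f"deny {e['proto']} to any destination exempts all such traffic")
    return warnings

# The admission rule from the manual's example
NAC_ACL = [parse_entry(l) for l in (
    "deny udp any host 10.10.30.10 eq domain",
    "deny tcp any host 10.10.20.10 eq www",
    "permit ip any any",
)]
```

Running lint() on an admission rule before applying it catches the deny-only case described above, where the policy is attached to the interface but no client is ever posture-validated.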