Chapter 14 Network Admission Control
NAC Databases
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Cisco Secure ACS communicates with a NAC client, the identifiers are numerical.
In the HTML interface, when you define rules for local policies, attributes are
identified by the names assigned to vendor, application, and attribute. For
example, the CTA attribute for the version of the operating system is
Cisco:PA:OS-Version. The data that Cisco Secure ACS receives identifies the
attribute with the numeric identifiers 9, 1, and 6, which are the identifiers for
Cisco, CTA, and the sixth attribute of CTA.
For more information about attributes, including data types and operators used in
rules for local policies, see About Rules, Rule Elements, and Attributes,
page 14-19.
NAC Database Configuration Options
On the Expected Host Configuration page you can configure a NAC database. The
options for configuring a NAC database are as follows:
• Mandatory Credential Types—Displays the following options:
  – Credential Types—Displays the credential types that must be present in
    a posture validation request in order for Cisco Secure ACS to use the
    database to evaluate the request. If a request does not contain the
    mandatory credential types, Cisco Secure ACS will not use the database
    to evaluate the request.
    Note: The Unknown User Policy uses the mandatory credential types to
    determine if Cisco Secure ACS can use a given NAC database to
    evaluate a posture validation request. For more information, see
    Chapter 15, “Unknown User Policy”.
  – Edit List button—Enables you to access the Edit Credential Types page
    for the NAC database.
• Credential Validation Policies—Lists the policies Cisco Secure ACS
  applies to each posture validation request evaluated by the NAC database.
  This table contains the following options:
  – Type—Indicates whether the policy is a local policy or an external
    policy.
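
The numeric attribute identifiers and the mandatory credential type check described above can be modeled as follows. This is an added example, not code from the Cisco guide or from Cisco Secure ACS. Only the 9, 1, 6 mapping to Cisco:PA:OS-Version comes from the guide; the ExampleAV vendor, the database names, the request contents, and the treatment of a credential type as a vendor:application pair are assumptions.

```python
"""Added example: numeric attribute IDs and mandatory credential types."""

# Numeric identifier tables. Only 9/1/6 -> Cisco:PA:OS-Version comes from the
# guide; every other entry is constructed for illustration.
VENDORS = {9: "Cisco", 99901: "ExampleAV"}
APPLICATIONS = {(9, 1): "PA", (99901, 3): "AV"}
ATTRIBUTES = {(9, 1, 6): "OS-Version", (99901, 3, 2): "Dat-Version"}


def attribute_name(vendor, app, attr):
    """Translate wire identifiers into the vendor:application:attribute name."""
    key = (vendor, app, attr)
    if key not in ATTRIBUTES:
        raise KeyError(f"unknown attribute {vendor}:{app}:{attr}")
    return f"{VENDORS[vendor]}:{APPLICATIONS[(vendor, app)]}:{ATTRIBUTES[key]}"


def credential_types(request):
    """Credential types in a request (assumed: one per vendor:application)."""
    return {f"{VENDORS[v]}:{APPLICATIONS[(v, a)]}" for v, a, _attr, _val in request}


def usable_databases(request, databases):
    """Databases whose mandatory credential types all appear in the request."""
    present = credential_types(request)
    return [name for name, mandatory in databases if set(mandatory) <= present]


# Constructed NAC databases: (name, mandatory credential types).
DATABASES = [
    ("NAC-AV", ["Cisco:PA", "ExampleAV:AV"]),
    ("NAC-Basic", ["Cisco:PA"]),
]

# Constructed posture validation requests: (vendor, app, attr, value) tuples.
CTA_ONLY = [(9, 1, 6, "5.1.2600")]
CTA_AND_AV = [(9, 1, 6, "5.1.2600"), (99901, 3, 2, "4400")]

if __name__ == "__main__":
    print(attribute_name(9, 1, 6))
    for label, req in (("CTA only", CTA_ONLY), ("CTA + AV", CTA_AND_AV)):
        print(label, "->", usable_databases(req, DATABASES))
```

A request that carries only the CTA credential is never evaluated by the constructed NAC-AV database, because one of that database's mandatory credential types is missing from the request.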