Chapter 14 Network Admission Control
NAC Policies
14-16
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
b. If you need to create a policy, do one of the following, as applicable:
• Click New Local Policy and follow the steps in Creating a Local Policy,
page 14-25 before continuing this procedure.
• Click New External Policy and follow the steps in Creating an External
Policy, page 14-32 before continuing this procedure.
c. For each policy that you want to use to validate NAC clients with this NAC
database, select the policy in the Available Policies list and click the right
arrow (-->).
The policy appears in the Selected Policies list.
Tip To remove a policy from the Selected Policies list, select it and click the
left arrow (<--).
d. Click Submit.
In the Credential Validation Policies table, the Expected Host Configuration
page displays the policies you selected.
e. Repeat a. through d., as needed.
Step 9 Click Save Configuration.
Cisco Secure ACS saves the NAC database you created.
You can add the new NAC database to the Unknown User Policy and you can
configure group mapping for the NAC database.
Note Until group mapping is established, posture validation with the new NAC
database does not control access of the NAC client.
NAC Policies
Cisco Secure ACS applies to a validation request the policies that you have
selected for the NAC database that Cisco Secure ACS uses to evaluate the request.