Chapter 14 Network Admission Control
NAC Policies
14-28
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
When Cisco Secure ACS applies this policy to a posture validation request and
none of the configurable rules match the request, Cisco Secure ACS associates
with the policy the default result credential type, token, and action that you
specify.
Step 7 Click Submit.
The Select Local Policies page displays the new policy in the Available Policies
list.
Tip You can add the policy to any NAC database, not just the NAC database
you clicked through to reach the Local Policy Configuration page.
Step 8 If you are in the process of configuring a new NAC database, resume performing
the steps in Configuring a NAC Database, page 14-14.
External Policies
This section contains the following topics:
• About External Policies, page 14-28
• External Policy Configuration Options, page 14-29
• Creating an External Policy, page 14-32
About External Policies
External policies are policies that define an external NAC server, usually from an
anti-virus vendor, and a set of credential types to be forwarded to the external
database. You also have the option of defining a secondary external NAC server.
Cisco Secure ACS does not determine the result of applying an external policy;
instead, it forwards the selected credentials to the external NAC server and
expects to receive the results of the policy evaluation: an APT, a result credential
type, and an action.
Each external policy associated with a NAC database must return a result;
otherwise, Cisco Secure ACS rejects policy validation requests evaluated with a
NAC database whose external policies do not return a result. For example, if