9-53
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 8: Set Up Templates to Create NAPs
If you configure the default ACL on the switch and the ACS sends a host access policy to the switch, the
switch applies the policy to traffic from the host that is connected to a switch port. If the policy applies
to the traffic, the switch forwards the traffic. If the policy does not apply, the switch applies the default
ACL. However, if the switch gets a host access policy from the ACS, but the default ACL is not
configured, the NAC Layer 2 IP configuration does not take effect.
When ACS sends the switch a downloadable ACL that specifies a redirect URL as a policy-map action,
this ACL takes precedence over the default ACL that is already configured on the switch port. The
default ACL also takes precedence over the policy that is already configured on the host. If the default
port ACL is not configured on the switch, the switch can still apply the downloadable ACL from ACS.
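As an added example that is not part of the Cisco guide, the following Catalyst IOS fragment shows the switch side of the behaviour described above: a default port ACL applied inbound on the access port, and NAC Layer 2 IP admission bound to the same port, so that a host policy from ACS has a default ACL to fall back to. The ACL and admission-rule names, the RADIUS address and key are constructed, and the command set is assumed from Catalyst IOS NAC Layer 2 IP support; confirm it against the switch's own configuration guide.

```text
! Added example (not from the Cisco guide). Names and addresses are constructed.
! The switch uses ACS 4.2 as its RADIUS server for EAP over UDP posture validation.
aaa new-model
aaa authentication eou default group radius
! Placeholder ACS address and shared key
radius-server host 192.0.2.10 key ACS-SHARED-KEY
!
! Default port ACL: what a host may send before, or unless, a host policy from
! ACS applies to its traffic. Keep it minimal: DHCP and DNS so the host can get
! an address and resolve the remediation server; everything else is denied.
ip access-list extended NAC-DEFAULT
 permit udp any any eq bootps
 permit udp any any eq domain
 deny   ip any any
!
! NAC Layer 2 IP admission rule using EAP over UDP
ip admission name NAC-L2IP eapoudp
!
interface GigabitEthernet0/1
 switchport mode access
 ! Without this default ACL on the port, a host policy sent by ACS has no
 ! fallback and the NAC Layer 2 IP configuration does not take effect.
 ip access-group NAC-DEFAULT in
 ip admission NAC-L2IP
!
! Verification on the switch (assumed show commands):
! show ip admission cache
! show ip access-lists NAC-DEFAULT
```

A downloadable ACL that ACS sends for a validated host is evaluated ahead of NAC-DEFAULT, which matches the precedence described above.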
You use this template for access requests from Layer 2 devices that do not have the 802.1x client
installed. The Authentication Bypass (802.1x fallback) template is used for access requests to bypass the
nonclient authentication process. Users are mapped to a User Group based on their identity.
Note: Do not click the Populate from Global button; otherwise, the settings for this authentication field will be inherited from the settings in the Global Authentication Setup in System Configuration.
Protocols Settings
Figure 9-37 shows the Protocols settings for the NAC Layer 2 template.
Figure 9-37 Protocols Setting for NAC Layer 2 Template
On this page, you can see the Layer 2 NAC template configuration for protocols. The default settings are:
In the EAP Configuration area, posture validation is enabled.
Allow EAP-FAST Configuration is checked, which means that this profile allows EAP-FAST authentication.