Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 8: Set Up Templates to Create NAPs
Sample Posture Validation Rule
Figure 9-49 shows the sample posture validation policy provided with the Wireless (NAC L2 802.1x)
template.
Figure 9-49 Sample Posture Validation Policy for Wireless (NAC L2 802.1x) Template
Note: The posture validation policy for the wireless NAC L2 802.1x template is the same as for the NAC L2
802.1x template.
Using a Sample Agentless Host Template
ACS 4.1 provides two sample templates for agentless host processing:
Agentless Host for L3
Agentless Host for L2 (802.1x fallback)
These two templates are almost identical. This section documents the steps for using the Agentless Host
for Layer 3 template.
Note: You can use the Agentless Host for L2 (802.1x Fallback) profile template to create a profile that matches
a RADIUS request a switch sends. Once the profile is created, the RADIUS packet that comes from the
Catalyst 6500 must be analyzed to create an accurate match for the profile. The RADIUS request from the
switch has a Service Type value of 10, just like NAC-L2-IP, but does not have a Cisco Attribute Value Pair
(AV pair) that contains the keyword service. Therefore, the template enables two entries in the Advanced
Filtering section.
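The packet analysis described in the note can be done offline on a captured request. The following is an added example, not part of the Cisco guide and not ACS's own matching logic: it parses the RADIUS attributes and checks the two conditions the note names. The attribute numbers (Service-Type 6, Vendor-Specific 26, Cisco vendor ID 9, cisco-av-pair sub-type 1) are standard RADIUS values rather than values from this page; the function names and the sample packets are constructed for illustration.

```python
import struct

SERVICE_TYPE, VENDOR_SPECIFIC = 6, 26   # RFC 2865 attribute types
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1    # Cisco enterprise number, cisco-av-pair sub-type

def attributes(packet: bytes):
    """Yield (type, value) for every attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def cisco_av_pairs(vsa: bytes):
    """Yield the cisco-av-pair strings inside one Vendor-Specific value."""
    if len(vsa) < 6 or struct.unpack("!I", vsa[:4])[0] != CISCO_VENDOR_ID:
        return
    pos = 4
    while pos + 2 <= len(vsa) and 2 <= vsa[pos + 1] <= len(vsa) - pos:
        if vsa[pos] == CISCO_AVPAIR:
            yield vsa[pos + 2:pos + vsa[pos + 1]].decode("ascii", "replace")
        pos += vsa[pos + 1]

def looks_agentless_l2(packet: bytes) -> bool:
    """True when Service-Type is 10 and no Cisco AV pair contains "service"."""
    service_type, service_avpair = None, False
    for atype, value in attributes(packet):
        if atype == SERVICE_TYPE and len(value) == 4:
            service_type = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC:
            service_avpair |= any("service" in p for p in cisco_av_pairs(value))
    return service_type == 10 and not service_avpair

def build_request(service_type: int, av_pairs=()) -> bytes:
    """Build a constructed sample Access-Request with a zeroed authenticator."""
    attrs = struct.pack("!BBI", SERVICE_TYPE, 6, service_type)
    for pair in av_pairs:
        sub = bytes([CISCO_AVPAIR, len(pair) + 2]) + pair.encode()
        vsa = struct.pack("!I", CISCO_VENDOR_ID) + sub
        attrs += bytes([VENDOR_SPECIFIC, len(vsa) + 2]) + vsa
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + bytes(16) + attrs

FALLBACK = build_request(10)                              # no AV pair present
NAC_L2_IP = build_request(10, ["service=ip_admission"])   # constructed AV pair value
```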
The Agentless Host for Layer 3 template creates a profile for Layer 3 requests that involve agentless host
processing. Before you use this template, you should choose System Configuration > Global
Authentication Setup and check the Enable Posture Validation check box.