Cisco Systems ASA 5580 Network Router User Manual


70-24
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 70 Configuring Dynamic Access Policies
Configuring Endpoint Attributes Used in DAPs
Guidelines
You can create multiple instances of each type of endpoint attribute. For each of these types, you need
to decide whether the DAP policy should require that the user have all instances of a type (Match All =
AND) or only one of them (Match Any = OR).
To set this value, after you have defined all instances of the endpoint attribute, click the Logical Op.
button and select the Match Any or Match All button. If you do not specify a Logical Operation, Match
Any is used by default.
Detailed Steps
Step 1 In the Endpoint Attribute Type list box, select Device.
Step 2 Check the Host Name checkbox and set the operation field to be equal to (=) or not equal to (!=) the host
name of the device you are testing for. Use the computer’s host name only, not the fully qualified domain
name (FQDN).
Step 3 Check the MAC address checkbox and set the operation field to be equal to (=) or not equal to (!=) the
MAC address of the network interface card you are testing for. Enter only one MAC address per entry. The
address must be in the format xxxx.xxxx.xxxx where x is a hexadecimal character.
Step 4 Check the BIOS Serial Number checkbox and set the operation field to be equal to (=) or not equal to
(!=) the BIOS serial number value of the device you are testing for. The number format is
manufacturer-specific. There is no format requirement.
Step 5 Check the Port Number checkbox and set the operation field to be equal to (=) or not equal to (!=) the
TCP port in listening state you are testing for. You can define a single port per line.
Step 6 Check the Privacy Protection checkbox and set the operation field to be equal to (=) or not equal to (!=)
the component CSD uses to execute the PreLogin Policy.
Step 7 Check the Version of Secure Desktop (CSD) checkbox and set the operation field to be equal to (=) or
not equal to (!=) the version of the Host Scan image running on the endpoint.
Step 8 Check the Version of Endpoint Assessment checkbox and set the operation field to be equal to (=) or
not equal to (!=) the version of endpoint assessment (OPSWAT) you are testing for.
Step 9 Click OK.
Step 10 Return to Configuring Dynamic Access Policies, page 70-10.
Additional References
See Endpoint Attribute Definitions, page 70-29 for additional information on the Device endpoint
attribute requirements.
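The following is an added example, not part of the Cisco guide: a pre-check that converts asset-inventory values into the forms Steps 2, 3 and 5 require (host name without the domain, one MAC address as xxxx.xxxx.xxxx, one TCP port per entry) before they are typed into ASDM. The function names, the record layout and the sample rows are assumptions made for illustration.

```python
import re

_SEPARATORS = re.compile(r"[:.\-]")   # separators used in common MAC notations
_HEX12 = re.compile(r"[0-9a-f]{12}")


def to_dap_mac(value: str) -> str:
    """Rewrite one MAC address as xxxx.xxxx.xxxx; reject anything else."""
    digits = _SEPARATORS.sub("", value.strip().lower())
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a single MAC address: {value!r}")
    # Lowercase output is a choice made here; the guide only requires hex digits.
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def to_dap_hostname(value: str) -> str:
    """Keep the host name only, dropping any domain part of an FQDN."""
    host = value.strip().split(".", 1)[0]
    if not host:
        raise ValueError(f"no host name in {value!r}")
    return host


def to_dap_port(value: str) -> int:
    """Accept exactly one TCP port; ranges and lists raise ValueError."""
    port = int(value.strip())
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {value!r}")
    return port


CONVERTERS = {"hostname": to_dap_hostname, "mac": to_dap_mac, "port": to_dap_port}


def prepare(record: dict) -> tuple:
    """Split one inventory record into usable values and per-field errors."""
    clean, errors = {}, {}
    for field, convert in CONVERTERS.items():
        try:
            clean[field] = convert(record[field])
        except ValueError as exc:
            errors[field] = str(exc)
    return clean, errors


# Constructed inventory rows, not taken from any real device.
SAMPLE = [
    {"hostname": "lt-0421.corp.example.com", "mac": "00:1A:2B:3C:4D:5E", "port": "3389"},
    {"hostname": "kiosk7", "mac": "00-1a-2b-3c-4d-5f, 00-1a-2b-3c-4d-60", "port": "80-443"},
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(prepare(row))
```

The second sample row is rejected for the MAC and port fields because it carries two addresses and a port range, each of which needs its own entry in the DAP.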
Adding a NAC Endpoint Attribute to a DAP
Prerequisites
Configuring NAC endpoint attributes as selection criteria for DAP records is part of a larger process.
Read Configuring Dynamic Access Policies, page 70-10 before you configure NAC endpoint attributes.