Nac policies – Cisco 3.3 User Manual

Page 588

Advertising
background image

Chapter 14 Network Admission Control

NAC Policies

14-16

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

b.

If you need to create a policy, do one of the following, as applicable:

Click New Local Policy and follow the steps in

Creating a Local Policy,

page 14-25

before continuing this procedure.

Click New External Policy and follow the steps in

Creating an External

Policy, page 14-32

before continuing this procedure.

c.

For each policy that you want to use to validate NAC clients with this NAC
database, select the policy in the Available Policies list and click the right
arrow (-->).

The policy appears in the Selected Policies list.

Tip

To remove a policy from the Selected Policies list, select it and click the
left arrow (<--).

d.

Click Submit.

In the Credential Validation Policies table, the Expected Host Configuration
page displays the policies you selected.

e.

Repeat

a.

through

d.

, as needed.

Step 9

Click Save Configuration.

Cisco Secure ACS saves the NAC database you created.

You can add the new NAC database to the Unknown User Policy and you can
configure group mapping for the NAC database.

Note

Until group mapping is established, posture validation with the new NAC
database does not control access of the NAC client.

NAC Policies

Cisco Secure ACS applies to a validation request the policies that you have
selected for the NAC database that Cisco Secure ACS uses to evaluate the request.

Advertising