Local policies – Cisco 3.3 User Manual

Page 589

Advertising
background image

14-17

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 14 Network Admission Control

NAC Policies

Policies are reusable; that is, you can associate a single policy with more than one
NAC database. For example, if your NAC implementation requires two NAC
databases, one for NAC clients using NAI software and one for NAC clients using
Symantec software, you may need to apply the same rules about the operating
system of the NAC client regardless of which anti-virus application is installed.
You can create a single policy that enforces rules about the operating system and
associate it with the Symantec NAC database and the NAI NAC database.

The results of applying a policy are as follows:

Result credential type—The credential type and, therefore, the
NAC-compliant application to which the policy evaluation result applies.

Token—One of five predefined tokens that represents the posture of the NAC
client and, specifically, the application defined by the result credential type.

Action—An optional text string, sent in the posture validation response to the
application defined by the result credential type.

There are two kinds of policies: local and external.

This section contains the following topics:

Local Policies, page 14-17

External Policies, page 14-28

Editing a Policy, page 14-34

Deleting a Policy, page 14-36

Local Policies

This section contains the following topics:

About Local Policies, page 14-18

About Rules, Rule Elements, and Attributes, page 14-19

Local Policy Configuration Options, page 14-22

Rule Configuration Options, page 14-24

Creating a Local Policy, page 14-25

Advertising