Configuring a nac policy, Specifying the access control server group – Cisco ASA 5505 User Manual
Page 1548
70-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 70 Configuring Network Admission Control
Configuring a NAC Policy
Detailed Steps
Configuring a NAC Policy
After you use the nac-policy command to name a NAC Framework policy, use the following sections to
assign values to its attributes before you assign it to a group policy.
Specifying the Access Control Server Group
You must configure at least one Cisco Access Control Server to support NAC.
Command
Purpose
Step 1
global
Switches to global configuration mode.
Step 2
nac-policy
nac-policy-name
nac-framework
Example:
hostname(config)# nac-policy nac-framework1
nac-framework
hostname(config-nac-policy-nac-framework)
Adds or modifies a NAC policy.
nac-policy-name is the name of a new NAC policy or
one that is already present. The name is a string of
up to 64 characters.
nac-framework
specifies that a NAC Framework
configuration will provide a network access policy
for remote hosts. A Cisco Access Control Server
must be present on the network to provide NAC
Framework services for the ASA. When you specify
this type, the prompt indicates you are in
nac-policy-nac-framework
configuration mode.
This mode lets you configure the NAC Framework
policy.
Note
You can create more than one NAC
Framework policy, but you can assign no
more than one to a group policy.
Creates and accesses a NAC framework policy
named nac-framework1.
Step 3
(Optional)
[
no
]
nac-policy
nac-policy-name
nac-framework
Removes a NAC policy from the configuration. You
must specify both the name and type of the policy.
Step 4
(Optional)
clear configure nac-policy
Removes all NAC policies fromthe configuration
except for those that are assigned to group policies.
Step 5
show running-config nac-policy
Displays the name and configuration of each NAC
policy already present on the security appliance.