Configuring Exemptions from NAC – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 70 Configuring Network Admission Control

Configuring a NAC Policy

Detailed Steps

Configuring Exemptions from NAC

The ASA configuration stores a list of exemptions from NAC posture validation. You can specify the
operating systems that are exempt. If you specify an ACL, the client running the operating system
specified is exempt from posture validation and the client traffic is subject to the ACL.

To add an entry to the list of remote computer types that are exempt from NAC posture validation, enter
the following command in nac-policy-nac-framework configuration mode:

Step 1
  Command: nac-policy-nac-framework
  Purpose: Switches to nac-policy-nac-framework configuration mode.

Step 2
  Command: default-acl acl-name
  Example:
    hostname(config-nac-policy-nac-framework)# default-acl acl-2
    hostname(config-nac-policy-nac-framework)
  Purpose: Specifies which ACL to use as the default ACL for NAC sessions.
    acl-name is the name of the access control list to be applied to the
    session. The example identifies acl-2 as the ACL to apply before posture
    validation succeeds.

Step 3 (Optional)
  Command: [no] default-acl acl-name
  Purpose: Removes the command from the NAC framework policy. Specifying the
    acl-name is optional.
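The following audit script is an added example, not part of the Cisco manual: it reads a saved running-config and reports NAC framework policies whose default ACL is missing or undefined, and exempted operating systems whose traffic has no filter ACL applied. The sample config is constructed, and the `nac-policy <name> nac-framework` and `exempt-list os "<name>" [filter <acl>] [disable]` forms are assumptions about the ASA CLI that this page does not show.

```python
import re

# Constructed running-config excerpt (not from the manual). The
# "nac-policy <name> nac-framework" and "exempt-list os ..." forms are assumed.
SAMPLE_CONFIG = """\
access-list acl-2 extended permit ip any host 10.0.0.5
nac-policy nac-framework1 nac-framework
 default-acl acl-2
 exempt-list os "Windows XP" filter acl-2
 exempt-list os "Linux"
 exempt-list os "Mac OS" filter acl-9
nac-policy nac-framework2 nac-framework
 exempt-list os "Windows 98" disable
"""
EXEMPT = re.compile(r'exempt-list os "([^"]+)"(?: filter (\S+))?(?: (disable))?$')

def parse_policies(config):
    """Map each NAC framework policy name to its default ACL and exemptions."""
    policies, current = {}, None
    for line in config.splitlines():
        head = re.match(r"nac-policy (\S+) nac-framework\s*$", line)
        if head:
            current = policies.setdefault(head.group(1), {"default_acl": None, "exempt": []})
        elif current is not None and line.startswith(" "):
            body = line.strip()
            d, e = re.match(r"default-acl (\S+)$", body), EXEMPT.match(body)
            if d:
                current["default_acl"] = d.group(1)
            elif e:
                current["exempt"].append((e.group(1), e.group(2), e.group(3) == "disable"))
        else:
            current = None  # left the policy sub-mode
    return policies

def audit(config):
    """Return (policy, finding) pairs worth a reviewer's attention."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    findings = []
    for name, pol in parse_policies(config).items():
        if pol["default_acl"] is None:
            findings.append((name, "no default-acl set"))
        elif pol["default_acl"] not in acls:
            findings.append((name, f"default-acl {pol['default_acl']} is not defined"))
        for os_name, acl, disabled in pol["exempt"]:
            if disabled and acl is None:
                continue  # assumed: "disable" after the OS name turns the exemption off
            if acl is None or disabled:  # assumed: "disable" after the ACL stops it being applied
                findings.append((name, f'"{os_name}" exempt with no filter ACL applied'))
            elif acl not in acls:
                findings.append((name, f'"{os_name}" exempt with undefined ACL {acl}'))
    return findings
```

Run `audit()` on the text of a saved configuration; each finding names the policy and the entry to review.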
