Creating traffic policies – IBM Tivoli and Cisco User Manual


Chapter 7. Network enforcement subsystem implementation


4. The new role should be visible under List Of Roles, depicted in Figure 7-97.

Figure 7-97 List of Roles

Creating traffic policies

For new installations of Cisco NAC Appliance, the default policy allows all
traffic from the trusted network to the untrusted network and blocks all traffic
from the untrusted network to the trusted network.

Two types of traffic policies are available, IP-based policies and host-based
policies:

IP-based policies: Allow you to specify IP protocol numbers, as well as source
and destination port numbers. IP-based policies can block or allow traffic
moving from the untrusted to the trusted network and vice versa.

Host-based policies: Are less flexible than IP-based policies, but have the
advantage of allowing a host to be specified by host name or domain name when a
host has multiple or dynamic IP addresses.
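
The following simplified model is an added example, not code from the Cisco NAC Appliance: first-match evaluation, the field names, and the 192.0.2.x and example.com values are assumptions. It shows why a host-based policy keeps matching after a host's IP address changes, while an IP-based policy falls back to the default.

```python
# Simplified model (added example, not Cisco NAC Appliance code).
# Assumptions: first-match evaluation, field names, and a packet record that
# already carries the resolved destination host name.
from dataclasses import dataclass
from typing import Optional

# Defaults the text gives for a new installation.
DEFAULTS = {"trusted->untrusted": "allow", "untrusted->trusted": "block"}

@dataclass
class IPPolicy:
    action: str
    direction: str
    protocol: int                  # IP protocol number: 6 = TCP, 17 = UDP
    dst_ip: str
    dst_port: Optional[int] = None  # None matches any port

    def matches(self, pkt):
        return (pkt["direction"] == self.direction
                and pkt["protocol"] == self.protocol
                and pkt["dst_ip"] == self.dst_ip
                and self.dst_port in (None, pkt["dst_port"]))

@dataclass
class HostPolicy:
    action: str
    direction: str
    domain: str                    # host name or domain name

    def matches(self, pkt):
        host = pkt.get("dst_host", "")
        return (pkt["direction"] == self.direction
                and (host == self.domain or host.endswith("." + self.domain)))

def evaluate(policies, pkt):
    for policy in policies:        # first matching policy decides
        if policy.matches(pkt):
            return policy.action
    return DEFAULTS[pkt["direction"]]

def demo():
    ip_only = [IPPolicy("allow", "untrusted->trusted", 6, "192.0.2.10", 443)]
    host_only = [HostPolicy("allow", "untrusted->trusted", "example.com")]
    before = {"direction": "untrusted->trusted", "protocol": 6, "dst_port": 443,
              "dst_ip": "192.0.2.10", "dst_host": "updates.example.com"}
    after = dict(before, dst_ip="192.0.2.77")   # constructed: host got a new IP
    return [evaluate(ip_only, before), evaluate(ip_only, after),
            evaluate(host_only, after)]         # ['allow', 'block', 'allow']
```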

1. Click User Management > User Roles > Traffic Control > IP.
