Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 70 Configuring Network Admission Control

Viewing the NAC Policies on the Security Appliance

Detailed Steps.

Step 1

Command:

show running-config nac-policy

Example:

hostname# show running-config nac-policy
nac-policy nacframework1 nac-framework
 default-acl acl-1
 reval-period 36000
 sq-period 300
 exempt-list os "Windows XP" filter acl-2
hostname#

Purpose:

Views any NAC policies that are already set up on the ASA. The example shows the configuration of a NAC policy named nacframework1.

Step 2

Shows the nac-framework attributes:

default-acl: NAC default ACL applied before posture validation. Following posture validation, the security appliance replaces the default ACL with the one obtained from the Access Control Server for the remote host. The ASA retains the default ACL if posture validation fails.

reval-period: Number of seconds between each successful posture validation in a NAC Framework session.

sq-period: Number of seconds between each successful posture validation in a NAC Framework session and the next query for changes in the host posture.

exempt-list: Operating system names that are exempt from posture validation. Also shows an optional ACL to filter the traffic if the remote computer's operating system matches the name.

authentication-server-group: Name of the authentication server group to be used for NAC posture validation.
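The following Python sketch is an added example, not part of the Cisco guide: it parses the show running-config nac-policy output described above into per-policy attributes and lists policies with no default-acl and exempt-list entries with no filter ACL. The second policy (nacframework2) and the function names parse_nac_policies and audit are constructed for illustration.

```python
import re
import shlex

# Constructed sample: the output shown above plus a hypothetical second policy.
SAMPLE = '''\
hostname# show running-config nac-policy
nac-policy nacframework1 nac-framework
 default-acl acl-1
 reval-period 36000
 sq-period 300
 exempt-list os "Windows XP" filter acl-2
nac-policy nacframework2 nac-framework
 sq-period 300
 exempt-list os "Windows 7"
hostname#
'''

# Attribute keywords listed in this section.
KEYS = {"default-acl", "reval-period", "sq-period", "exempt-list",
        "authentication-server-group"}

def parse_nac_policies(text):
    """Return {policy_name: attributes} parsed from the show command output."""
    policies, current = {}, None
    for line in text.splitlines():
        head = re.match(r"\s*nac-policy (\S+) nac-framework\s*$", line)
        if head:
            current = policies.setdefault(head.group(1), {"exempt-list": []})
            continue
        try:
            words = shlex.split(line)      # keeps "Windows XP" as one token
        except ValueError:                 # unbalanced quote
            words = []
        if current is None or not words or words[0] not in KEYS:
            current = None                 # prompt, blank or unrelated line ends the block
        elif words[:2] == ["exempt-list", "os"] and len(words) >= 3:
            acl = words[4] if words[3:4] == ["filter"] and len(words) > 4 else None
            current["exempt-list"].append((words[2], acl))
        elif len(words) == 2 and words[0] != "exempt-list":
            current[words[0]] = int(words[1]) if words[1].isdigit() else words[1]
    return policies

def audit(policies):
    """Return review findings: missing default-acl, exempt OS with no filter ACL."""
    findings = [f"{n}: no default-acl" for n, a in policies.items() if "default-acl" not in a]
    findings += [f"{n}: {os_name!r} exempt with no filter ACL"
                 for n, a in policies.items() for os_name, acl in a["exempt-list"] if acl is None]
    return findings
```

Calling audit(parse_nac_policies(SAMPLE)) reports both findings for the constructed nacframework2 policy and none for nacframework1.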
