Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 70 Configuring Network Admission Control

Configuring a NAC Policy

Detailed Steps

Note: When the command specifies an operating system, it does not overwrite the previously added entry to
the exception list; enter the command once for each operating system and ACL you want to exempt.

Step 1

Command:
nac-policy-nac-framework

Purpose:
Switches to nac-policy-nac-framework configuration mode.

Step 2

Command:
exempt-list os "os-name" [ disable | filter acl-name [ disable ] ]

Purpose:
Adds an entry to the list of remote computer types that are exempt from NAC posture validation.

os-name is the operating system name. Use quotation marks if the name includes a space (for example, "Windows XP").

filter applies an ACL to filter the traffic if the computer's operating system matches the os name. The filter/acl-name pair is optional.

disable performs one of two functions, as follows:

    If you enter it after the "os-name", the ASA ignores the exemption, and applies NAC posture validation to the remote hosts that are running that operating system.

    If you enter it after the acl-name, the ASA exempts the operating system, but does not apply the ACL to the associated traffic.

acl-name is the name of the ACL present in the ASA configuration. When specified, it must follow the filter keyword.

Example:
hostname(config-group-policy)# exempt-list os "Windows XP"
hostname(config-group-policy)

Adds all hosts running Windows XP to the list of computers that are exempt from posture validation.

hostname(config-nac-policy-nac-framework)# exempt-list os "Windows XP" filter acl-2
hostname(config-nac-policy-nac-framework)

Exempts all hosts running Windows XP and applies the ACL acl-2 to traffic from those hosts.

hostname(config-nac-policy-nac-framework)# no exempt-list os "Windows XP" filter acl-2
hostname(config-nac-policy-nac-framework)

Removes the same entry from the exemption list.

Step 3 (Optional)

Command:
[no] exempt-list os "os-name" [ disable | filter acl-name [ disable ] ]

Purpose:
Removes all exemptions from the NAC framework policy. Specifying an entry when issuing the no form of the command removes the entry from the exemption list.

Example:
hostname(config-nac-policy-nac-framework)# no exempt-list
hostname(config-nac-policy-nac-framework)

Removes all entries from the exemption list.
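
The audit script below is an added example, not part of the Cisco guide. It reads exempt-list os lines in the syntax shown in Step 2 and reports which operating systems skip posture validation with no ACL applied, taking into account the two meanings of disable. The one-command-per-line input format is an assumption, and the sample lines are constructed: only "Windows XP" and acl-2 come from this page.

```python
import re

# Grammar as given on this page:
#   exempt-list os "os-name" [ disable | filter acl-name [ disable ] ]
EXEMPT_RE = re.compile(
    r'^\s*exempt-list\s+os\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))'
    r'(?:\s+(?P<os_disable>disable)'
    r'|\s+filter\s+(?P<acl>\S+)(?:\s+(?P<acl_disable>disable))?)?\s*$'
)

def classify(line):
    """Return (os_name, effect, acl) for one exempt-list entry, else None."""
    m = EXEMPT_RE.match(line)
    if m is None:
        return None  # other commands, and "no exempt-list ..." removals
    os_name = m.group("quoted") or m.group("bare")
    if m.group("os_disable"):
        # disable after the os-name: exemption ignored, posture validation applies
        return (os_name, "validated", None)
    if m.group("acl") and not m.group("acl_disable"):
        # exempt from posture validation, traffic filtered by the ACL
        return (os_name, "exempt-filtered", m.group("acl"))
    # exempt with no filter, or disable after the acl-name: ACL not applied
    return (os_name, "exempt-unfiltered", m.group("acl"))

def audit(config_text):
    """Classify every exempt-list entry found in the given command lines."""
    entries = [classify(line) for line in config_text.splitlines()]
    return [e for e in entries if e is not None]

def unfiltered(config_text):
    """OS names that skip posture validation with no ACL applied to their traffic."""
    return sorted({name for name, effect, _ in audit(config_text)
                   if effect == "exempt-unfiltered"})

# Constructed sample: only "Windows XP" and acl-2 appear on the page;
# the other OS names and acl-3 are made up for illustration.
SAMPLE = '''\
exempt-list os "Windows XP" filter acl-2
exempt-list os "Windows 2000" disable
exempt-list os "Windows 98" filter acl-3 disable
exempt-list os Linux
'''

if __name__ == "__main__":
    for os_name, effect, acl in audit(SAMPLE):
        print(f"{os_name:14} {effect:18} acl={acl}")
    print("review:", unfiltered(SAMPLE))
```

Entries reported as exempt-unfiltered are the ones to review first, since those hosts reach the network with neither posture validation nor a filtering ACL.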
