Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 33 Configuring Network Admission Control
Configuring Basic Settings
The instructions in the following sections describe how to enter the minimum set of commands to
configure support for NAC on the security appliance:
• Specifying the Access Control Server Group, page 33-2
• Enabling NAC, page 33-2
• Configuring the Default ACL for NAC, page 33-3
• Configuring Exemptions from NAC, page 33-4
Note: See Uses, Requirements, and Limitations, page 33-1 before following these instructions.
Specifying the Access Control Server Group
You must configure at least one Cisco Access Control Server (ACS) to support NAC. Use the aaa-server
command to create the server group that holds the ACS, even if the group contains only one server, and the
aaa-server host command to add each ACS to that group. Then enter the following command in tunnel-group
general-attributes configuration mode to designate that group as the one to be used for NAC posture
validation:
nac-authentication-server-group server-group
server-group must match the server-tag variable specified in the aaa-server host command.
For example, enter the following command to specify acs-group1 as the authentication server group to
be used for NAC posture validation (the prompt shows tunnel-group general-attributes configuration mode,
which is the mode this command is entered in):
hostname(config-tunnel-general)# nac-authentication-server-group acs-group1
hostname(config-tunnel-general)#
To have a tunnel group inherit the authentication server group from the default remote access group
(DefaultRAGroup) instead of setting it explicitly, enter tunnel-group general-attributes configuration mode
for the tunnel group that should inherit the setting, then enter the following command:
no nac-authentication-server-group
For example:
hostname(config-tunnel-general)# no nac-authentication-server-group
hostname(config-tunnel-general)#
Enabling NAC
To enable or disable NAC for a group policy, enter the following command in group-policy configuration
mode:
nac {enable | disable}
The following example enables NAC for the group policy:
hostname(config-group-policy)# nac enable
hostname(config-group-policy)#
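The following worked configuration ties the steps of this section together: creating the ACS server group, referencing it from the tunnel group, and enabling NAC in the group policy. It is added here as an illustration and is not an example from the guide itself. The server group name acs-group1 comes from the text; the ACS address 10.1.1.10, the interface name inside, the RADIUS shared secret, and the tunnel-group and group-policy names RA-NAC and NAC-POLICY are assumed values chosen for this example.

```cisco
! Step 1: create the ACS server group and add the ACS host to it.
! The server-tag (acs-group1) is the name that nac-authentication-server-group must reference.
aaa-server acs-group1 protocol radius
aaa-server acs-group1 (inside) host 10.1.1.10
 ! assumed shared secret; use a long, unique value in production
 key cisco123
 exit
!
! Step 2: point the remote-access tunnel group at that server group for posture validation.
! RA-NAC is an assumed tunnel-group name.
tunnel-group RA-NAC type ipsec-ra
tunnel-group RA-NAC general-attributes
 default-group-policy NAC-POLICY
 nac-authentication-server-group acs-group1
 exit
!
! Step 3: enable NAC in the group policy that the tunnel group assigns.
! NAC-POLICY is an assumed group-policy name.
group-policy NAC-POLICY internal
group-policy NAC-POLICY attributes
 nac enable
 exit
!
! Alternative to step 2: set the server group once on the default remote access
! group and let RA-NAC inherit it by clearing its own value.
tunnel-group DefaultRAGroup general-attributes
 nac-authentication-server-group acs-group1
 exit
tunnel-group RA-NAC general-attributes
 no nac-authentication-server-group
 exit
!
! Checks: confirm that the three pieces reference each other by name and that
! the ACS actually answers before relying on posture validation.
show running-config aaa-server
show running-config tunnel-group RA-NAC
show running-config group-policy NAC-POLICY
test aaa-server authentication acs-group1 host 10.1.1.10 username testuser password testpass
```

Because the no form simply removes the tunnel group's own value, a tunnel group that inherits silently takes whatever DefaultRAGroup has configured; check DefaultRAGroup with show running-config tunnel-group DefaultRAGroup before relying on inheritance, and make sure the server-tag used in the tunnel group matches the aaa-server group exactly, since a typo there leaves nac enable pointing at a group that does not exist.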