
Cisco FirePOWER ASA 5500 series User Manual

989 pages
33-5
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 33 Configuring Network Admission Control
Changing Advanced Settings
For example, enter the following command to remove the entry with Windows 98 and acl-1 from the
exemption list, regardless of whether it is disabled:
hostname(config-group-policy)# no vpn-nac-exempt os "Windows 98" filter acl-1
hostname(config-group-policy)#
To remove all entries from the exemption list associated with this group policy and inherit the list from
the default group policy, enter the following command without specifying additional keywords:
no vpn-nac-exempt
For example:
hostname(config-group-policy)# no vpn-nac-exempt
hostname(config-group-policy)#
Changing Advanced Settings
The security appliance provides default settings for NAC. Use the instructions in this section to adjust
these settings for adherence to the policies in force in your network.
Changing Clientless Authentication Settings
NAC support for clientless authentication is configurable. It applies to hosts that do not have a posture
agent, such as the Cisco Trust Agent. The security appliance applies the default access policy, sends the
EAP over UDP request for posture validation, and the request times out. If the security appliance is not
configured to request a policy for clientless hosts from the Access Control Server, it retains the default
access policy already in use for the clientless host. If the security appliance is configured to request a
policy for clientless hosts from the Access Control Server, it does so and the Access Control Server
downloads the access policy to be enforced by the security appliance.
Enabling and Disabling Clientless Authentication
Enter the following command in global configuration mode to enable clientless authentication:
eou allow clientless
For example:
hostname(config)# eou allow clientless
hostname(config)#
The eou clientless command is meaningful only if NAC is enabled.
Note: Clientless authentication is enabled by default.
Enter the following command in global configuration mode to disable clientless authentication:
no eou allow clientless
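The following audit script is an added example, not part of the Cisco guide. It reads a saved configuration and reports whether clientless authentication is still at its enabled default and which group policies carry vpn-nac-exempt entries. The sample configuration, the group policy names, and the indented "group-policy ... attributes" layout of the saved text are assumptions made for the example.

```python
import re

# Constructed sample, not taken from a real device. The indented
# "group-policy <name> attributes" layout is an assumption about the saved text.
SAMPLE_CONFIG = '''\
no eou allow clientless
group-policy Sales attributes
 vpn-nac-exempt os "Windows 98" filter acl-1
 vpn-nac-exempt os "Windows XP" disable
group-policy Lab attributes
 vpn-idle-timeout 30
'''

EXEMPT_RE = re.compile(
    r'^vpn-nac-exempt os "(?P<os>[^"]+)"'
    r'(?: filter (?P<acl>\S+))?(?P<disabled> disable)?$')

def audit_nac(config_text):
    """Return (clientless_enabled, {group_policy: [exemption, ...]})."""
    clientless = True        # the guide states this is enabled by default
    exemptions, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None   # an unindented line ends a group-policy block
        if line == "no eou allow clientless":
            clientless = False
        elif line == "eou allow clientless":
            clientless = True
        m = re.match(r"group-policy (\S+) attributes$", line)
        if m:
            current = m.group(1)
            exemptions.setdefault(current, [])
        elif current and (e := EXEMPT_RE.match(line)):
            exemptions[current].append(
                {"os": e["os"], "acl": e["acl"], "active": e["disabled"] is None})
    return clientless, exemptions

if __name__ == "__main__":
    enabled, groups = audit_nac(SAMPLE_CONFIG)
    print("clientless authentication:", "enabled" if enabled else "disabled")
    for name, entries in groups.items():
        if not entries:
            print(f"{name}: no vpn-nac-exempt entries in this policy")
        for e in entries:
            state = "active" if e["active"] else "disabled"
            print(f"{name}: exempt os {e['os']!r}, filter={e['acl']}, {state}")
```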
