Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 33 Configuring Network Admission Control
Changing Advanced Settings
Setting the Query-for-Posture-Changes Timer
After each successful posture validation, the security appliance starts a status query timer. The expiration
of this timer triggers a query to the remote host for changes in posture since the last posture validation.
A response indicating no change resets the status query timer. A response indicating a change in posture
triggers an unconditional posture revalidation. The security appliance maintains the current access
policy during revalidation.
By default, the interval between each successful posture validation and the status query, and each
subsequent status query, is 300 seconds (5 minutes). The group policy inherits the value of the status
query timer from the default group policy unless you change it. Enter the following command in
group-policy configuration mode to change the status query interval:
nac-sq-period seconds
seconds must be in the range 300 to 1800 (5 to 30 minutes).
The following example changes the status query timer to 1800 seconds:
hostname(config-group-policy)# nac-sq-period 1800
hostname(config-group-policy)#
To inherit the value of the status query timer from the default group policy, access the alternative group
policy from which to inherit it, then enter the following command:
no nac-sq-period [seconds]
For example:
hostname(config-group-policy)# no nac-sq-period
hostname(config-group-policy)#
Setting the Revalidation Timer
After each successful posture validation, the security appliance starts a revalidation timer. The expiration
of this timer triggers the next unconditional posture validation. The security appliance maintains the
current access policy during revalidation.
By default, the interval between each successful posture validation is 36000 seconds (10 hours). The
group policy inherits the value of the revalidation timer from the default group policy unless you change
it. Enter the following command in group-policy configuration mode to change the revalidation interval:
nac-reval-period seconds
seconds must be in the range 300 to 86400 (5 minutes to 24 hours).
For example, enter the following command to change the revalidation timer to 86400 seconds:
hostname(config-group-policy)# nac-reval-period 86400
hostname(config-group-policy)#
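The following Python audit is an added example, not part of the Cisco guide. It resolves the effective status query and revalidation timers for each group policy in a saved configuration, applying the inheritance and defaults described above, and flags values outside the documented ranges. The sample configuration is constructed, and the default group policy name DfltGrpPolicy is an assumption.

```python
import re
# Defaults and valid ranges in seconds, as stated in the text above.
TIMERS = {"nac-sq-period": (300, 300, 1800),        # (default, min, max)
          "nac-reval-period": (36000, 300, 86400)}
DEFAULT_POLICY = "DfltGrpPolicy"  # assumption: name of the default group policy

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 nac-sq-period 600
group-policy Contractors attributes
 nac-sq-period 1800
 nac-reval-period 86400
group-policy Employees attributes
 nac-reval-period 7200
group-policy Kiosk attributes
 nac-sq-period 60
"""

def parse_policies(config):
    """Return {policy: {timer: seconds}} for timers set explicitly in each policy."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        setting = re.match(r"\s+(nac-(?:sq|reval)-period) (\d+)\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), {})
        elif not line.startswith(" "):
            current = None  # a top-level line ends group-policy configuration mode
        elif setting and current is not None:
            current[setting.group(1)] = int(setting.group(2))
    return policies

def effective_timers(config):
    """Resolve timers per policy: own value, else default policy, else built-in default."""
    policies = parse_policies(config)
    inherited = policies.get(DEFAULT_POLICY, {})
    report = {}
    for name, own in policies.items():
        entry = {"errors": []}
        for timer, (default, low, high) in TIMERS.items():
            value = own.get(timer, inherited.get(timer, default))
            entry[timer] = value
            if not low <= value <= high:
                entry["errors"].append(f"{timer} {value} outside {low}-{high}")
        report[name] = entry
    return report

if __name__ == "__main__":
    print(effective_timers(SAMPLE_CONFIG))
```

In the constructed sample, Employees has no status query timer of its own and therefore picks up the 600-second value set on the default group policy, while Kiosk is flagged because 60 is below the 300-second minimum.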
To inherit the value of the revalidation timer from the default group policy, access the alternative group
policy from which to inherit it, then enter the following command:
no nac-reval-period
For example: