Cisco Systems CL-28826-01 Security Camera User Manual


61-13
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 61 Configuring Identity Policies
Network Admission Control on Cisco IOS Routers
Defining NAC Identity Parameters
By default, any traffic over the selected interfaces that matches the intercept ACL is subjected to posture
validation before it is permitted to enter the network. However, you can create an exception list of
predefined actions to apply to specific devices. You use identity profiles to create this exception list.
Each profile contains two elements:
A profile definition, which identifies the device to which the profile applies. Devices can be identified by
their IP addresses, MAC addresses, or types (for Cisco IP phones).
An action, which defines the result when this device tries to access the network. Each action can
include an ACL, a redirect URL, or both. If you do not specify an action, the default ACL is applied.
When you configure NAC identity parameters, you first define one or more identity actions and then
create the identity profiles to which these actions apply. You can apply each action to multiple profiles.
Related Topics
Defining NAC Setup Parameters, page 61-10
Defining NAC Interface Parameters, page 61-11
Network Admission Control on Cisco IOS Routers, page 61-8
Step 1 Do one of the following:
(Device view) Select Platform > Identity > Network Admission Control from the Policy selector,
then click the Identities tab in the work area.
(Policy view) Select Router Platform > Identity > Network Admission Control from the Policy
Type selector. Select an existing policy or create a new one, and then click the Identities tab.
The NAC Identities tab is displayed. See Table 61-5 on page 61-18 for a description of the fields on this
tab.
Step 2 Define one or more identity actions:
a. On the NAC Identities tab, select an identity action from the lower table, then click Add. The NAC
Identity Action dialog box appears.
b. Define an identity action. See Table 61-7 on page 61-20 for a description of the available fields.
c. Click OK to save your definitions and close the dialog box. The action appears in the Identity
Actions table in the NAC Identities tab.
d. (Optional) Repeat a. through c. to define additional identity actions, as required.
Step 3 Define identity profiles:
a. Select an identity profile from the upper table on the NAC Identities tab, then click Add. The NAC
Identity Profile dialog box appears. See Table 61-6 on page 61-19 for a description of the fields in
this dialog box.
b. Enter the name of an identity action (as defined in Step 2) or click Select to display a selector.
c. Select and define a profile definition, which identifies the device to which the profile should apply.
d. Click OK to save your definitions and close the dialog box. The profile appears in the Identity
Profiles table in the NAC Identities tab.
e. (Optional) Repeat a. through d. to define additional identity profiles, as required.
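The following is an added example, not taken from the Cisco guide or from Security Manager: a Python audit of an exception list built with the procedure above, which checks that every profile names an already defined action, reports entries that fall back to the default ACL, and shows what a given device receives. The data model, finding labels, the DEFAULT-ACL placeholder and the sample values are assumptions; the guide does not state which profile wins when several match one device, so that case is reported as ambiguous.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Action:                       # identity action: an ACL, a redirect URL, or both
    name: str
    acl: Optional[str] = None
    redirect_url: Optional[str] = None

@dataclass(frozen=True)
class Profile:                      # one exception-list entry
    kind: str                       # "ip", "mac" or "type" (Cisco IP phone)
    value: str
    action: Optional[str] = None    # None: the default ACL is applied

def audit(actions, profiles):
    """Return findings for an exception list before it is deployed."""
    defined, used, seen, findings = {a.name for a in actions}, set(), {}, []
    for p in profiles:
        if p.action is None:
            findings.append(f"default-acl:{p.value}")
        elif p.action not in defined:   # actions are defined before profiles
            findings.append(f"undefined-action:{p.value}")
        else:
            used.add(p.action)
        if seen.setdefault((p.kind, p.value.lower()), p.action) != p.action:
            findings.append(f"conflict:{p.value}")  # same device, different actions
    return findings + [f"unused-action:{n}" for n in sorted(defined - used)]

def resolve(device, actions, profiles):
    """Outcome for a device given as {'ip': .., 'mac': .., 'type': ..}."""
    by_name = {a.name: a for a in actions}
    hits = {p.action for p in profiles
            if device.get(p.kind, "").lower() == p.value.lower()}
    if not hits:
        return ("posture-validation", None, None)   # not on the exception list
    if len(hits) > 1:
        return ("ambiguous", None, None)            # precedence not stated in the guide
    name = hits.pop()
    if name is None:
        return ("exception", "DEFAULT-ACL", None)   # placeholder for the default ACL
    if name not in by_name:
        return ("undefined-action", None, None)
    return ("exception", by_name[name].acl, by_name[name].redirect_url)

# Constructed sample data: names and addresses are made up.
ACTIONS = [Action("PRINTERS", acl="ACL-PRINT"), Action("LEGACY", acl="ACL-OLD"),
           Action("GUEST", acl="ACL-GUEST", redirect_url="https://remediate.example/")]
PROFILES = [Profile("ip", "192.0.2.10", "PRINTERS"), Profile("mac", "0001.0203.0405", "GUEST"),
            Profile("type", "cisco-ip-phone"), Profile("ip", "192.0.2.20", "VOICE")]
```

Each profile on the list replaces posture validation with a fixed action for the matching device, so the findings are worth reviewing whenever the list changes.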