Filter
Top Products
61-16
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 61 Configuring Identity Policies
Network Admission Control Policy Page
Network Admission Control Page—Interfaces Tab
Use the Network Admission Control Interfaces tab to select and configure the router interfaces on which
to perform NAC. This includes configuring the Intercept ACL and selected EoU interface parameters. A
NAC policy must include at least one interface definition in order to function.
Navigation Path
Go to the Network Admission Control Policy Page, page 61-14, then click the Interfaces tab.
Related Topics
• Defining NAC Interface Parameters, page 61-11
• Network Admission Control Page—Setup Tab, page 61-14
• Network Admission Control Page—Identities Tab, page 61-18
• Table Columns and Column Heading Features, page 1-46
• Filtering Tables, page 1-45
Field Reference
Port The UDP port to use for EAP over UDP sessions.
Valid values range from 1 to 65535. The default is 21862.
Note For NAC to work, the default ACL on this router must permit
UDP traffic over the port designated here for EAP over UDP
traffic. For more information, see Chapter 16, “Managing
Firewall Access Rules”.
Enable Logging When selected, EAP over UDP events on this router are logged to the
device.
When deselected, EAP over UDP logging is disabled. This is the
default.
Table 61-2 Network Admission Control Setup Tab (Continued)
Element Description
Table 61-3 Network Admission Control Interfaces Tab
Element Description
Interfaces The name of the interface on which NAC is being performed.
Intercept ACL The name of the Intercept ACL, which determines the incoming traffic
that triggers the interface to make a posture validation check.
EoU Max Retries The maximum number of retries that this interface should perform
when it initializes an EoU session with a connecting device.
Revalidate Indicates whether the interface revalidates its EoU sessions to make
sure they are still active.
Add button Opens the NAC Interface Configuration Dialog Box, page 61-17. From
here you can define a NAC interface.