30-7
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 30 Network Admission Control
Create NAC Tab
policies on the NAC policy server, and then reconfigure NAC on the router to
use Strict Validation, by changing the ACL applied to the interface to
deny ip any any using the Cisco SDM Firewall Policy feature.

NAC Exception List

You can identify hosts that must be allowed to bypass the NAC validation process.
Typically, hosts such as printers, IP phones, and hosts without NAC posture agent
software installed are added to the exception list.
If there are hosts without static addresses on your network, it is recommended that
they be entered in the agentless host policy, and not in the NAC exception list. The
NAC exception policy may not work properly if host IP addresses change.
If you are using the NAC wizard and you do not need to configure a NAC
exception list, you can click Next without entering information in this window.
As an alternative or as a complement to the NAC exception list, the wizard allows
you to configure an agentless host policy in another window.
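
The following is an added example, not part of the Cisco guide or of Cisco SDM. It audits an exported exception list for entries identified by IP address that fall inside a DHCP range, which are the entries the guidance above says belong in the agentless host policy instead. The row layout, policy names, addresses, and DHCP scope are constructed assumptions.

```python
import ipaddress

# Constructed sample data: exception-list rows as (identifier kind, value, policy name).
EXCEPTION_LIST = [
    ("ip", "10.10.20.15", "printer-policy"),
    ("ip", "10.10.30.77", "lab-policy"),
    ("mac", "0011.2233.4455", "phone-policy"),
    ("device-type", "Cisco IP Phone", "phone-policy"),
    ("ip", "10.10.30.300", "lab-policy"),  # malformed on purpose
]

# Constructed DHCP scope (first address, last address) for dynamically addressed hosts.
DHCP_POOLS = [("10.10.30.50", "10.10.30.200")]


def _pool_ranges(pools):
    """Parse (start, end) string pairs into ip_address pairs."""
    return [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in pools]


def audit_exception_list(entries, pools):
    """Return (row, finding) pairs for exception entries that need review."""
    ranges = _pool_ranges(pools)
    findings = []
    for row in entries:
        kind, value, _policy = row
        if kind != "ip":
            continue  # MAC and device-type rows are not keyed on the host's IP address
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            findings.append((row, "invalid IP address"))
            continue
        # Compare only within the same address family to avoid a TypeError.
        if any(lo.version == addr.version and lo <= addr <= hi for lo, hi in ranges):
            findings.append(
                (row, "address is in a DHCP pool; use the agentless host policy")
            )
    return findings


if __name__ == "__main__":
    for row, finding in audit_exception_list(EXCEPTION_LIST, DHCP_POOLS):
        print(row, "->", finding)
```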

IP Address/MAC Address/Device Type, Address/Device, and Policy Columns

These columns contain information about a host in the exception list. A host can
be identified by its IP address, MAC address, or the type of device it is. If it is
identified by an address, the IP address or MAC address is shown in the row along
with the name of the policy that governs the host's access to the network.

Add, Edit, and Delete Buttons

Build the exception list by clicking Add and entering information about a host.
You can use the Add button as many times as you need to.
Choose a row and click Edit to change information about a host. Click Delete to
remove information about a host from this window. The Edit and Delete buttons
are disabled when there is no information in this list.

Add or Edit an Exception List Entry

Add or edit the information in an exception list entry in this window.