70-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter70 Configuring Network Admission Control
Viewing the NAC Policies on the Security Appliance
Detailed Steps.
Command Purpose
Step1 show running-config nac-policy
Example:
hostname# show running-config nac-policy
nac-policy nacframework1 nac-framework
default-acl acl-1
reval-period 36000
sq-period 300
exempt-list os "Windows XP" filter acl-2
hostname#
Views any NAC policies that are already set up on
the ASA.
Shows the configuration of a NAC policy named
nac-framework1
Step2 default-acl—NAC default ACL applied before posture
validation. Following posture validation, the security
appliance replaces the default ACL with the one
obtained from the Access Control Server for the remote
host. The ASA retains the default ACL if posture
validation fails.
reval-period—Number of seconds between each
successful posture validation in a NAC Framework
session.
sq-period—Number of seconds between each successful
posture validation in a NAC Framework session and the
next query for changes in the host posture.
exempt-list—Operating system names that are exempt
from posture validation. Also shows an optional ACL to
filter the traffic if the remote computer’s operating
system matches the name.
authentication-server-group—Name of the of
authentication server group to be used for NAC posture
validation.
Shows the nac-framework attributes.