Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 70 Configuring Network Admission Control
Configuring a NAC Policy
After you use the nac-policy command to name a NAC Framework policy, use the following sections to
assign values to its attributes before you assign it to a group policy.

Specifying the Access Control Server Group

You must configure at least one Cisco Access Control Server to support NAC.
Step 1
  Command: global
  Purpose: Switches to global configuration mode.

Step 2
  Command: nac-policy nac-policy-name nac-framework
  Purpose: Adds or modifies a NAC policy.
    nac-policy-name is the name of a new NAC policy or one that is already present. The name is a string of up to 64 characters.
    nac-framework specifies that a NAC Framework configuration will provide a network access policy for remote hosts. A Cisco Access Control Server must be present on the network to provide NAC Framework services for the ASA. When you specify this type, the prompt indicates you are in nac-policy-nac-framework configuration mode. This mode lets you configure the NAC Framework policy.
    Note: You can create more than one NAC Framework policy, but you can assign no more than one to a group policy.
  Example:
    hostname(config)# nac-policy nac-framework1 nac-framework
    hostname(config-nac-policy-nac-framework)
  Creates and accesses a NAC framework policy named nac-framework1.

Step 3 (Optional)
  Command: [no] nac-policy nac-policy-name nac-framework
  Purpose: Removes a NAC policy from the configuration. You must specify both the name and type of the policy.

Step 4 (Optional)
  Command: clear configure nac-policy
  Purpose: Removes all NAC policies from the configuration except for those that are assigned to group policies.

Step 5
  Command: show running-config nac-policy
  Purpose: Displays the name and configuration of each NAC policy already present on the security appliance.
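
The following is an added example, not part of the Cisco guide: a Python check over a saved running-config that reports which NAC policies clear configure nac-policy would remove (those not assigned to any group policy) and which would remain. The sample configuration is constructed, and the nac-settings value line under group-policy ... attributes is assumed to be how an assignment appears in the running configuration.

```python
import re

# Constructed running-config excerpt (not from the guide). The "nac-settings
# value" line is the assumed form of a NAC policy assignment to a group policy.
SAMPLE_CONFIG = """\
nac-policy nac-framework1 nac-framework
 reval-period 36000
nac-policy nac-framework2 nac-framework
nac-policy lab-policy nac-framework
group-policy RemoteUsers attributes
 nac-settings value nac-framework1
group-policy Contractors attributes
 nac-settings value nac-framework1
group-policy Legacy attributes
 nac-settings value old-policy
"""

POLICY_RE = re.compile(r"^nac-policy (\S+) nac-framework\s*$")
GROUP_RE = re.compile(r"^group-policy (\S+) attributes\s*$")
ASSIGN_RE = re.compile(r"^\s+nac-settings value (\S+)\s*$")


def audit_nac_policies(config_text):
    """Classify NAC Framework policies by whether a group policy uses them."""
    policies = []   # policy names in the order they are defined
    assigned = {}   # policy name -> group policies that reference it
    group = None    # group-policy block currently being read, if any
    for line in config_text.splitlines():
        if m := POLICY_RE.match(line):
            policies.append(m.group(1))
            group = None
        elif m := GROUP_RE.match(line):
            group = m.group(1)
        elif (m := ASSIGN_RE.match(line)) and group:
            assigned.setdefault(m.group(1), []).append(group)
        elif line and not line[0].isspace():
            group = None  # any other top-level command ends the block
    return {
        # kept by "clear configure nac-policy": still assigned somewhere
        "in_use": {p: assigned[p] for p in policies if p in assigned},
        # removed by "clear configure nac-policy": no group policy uses them
        "unassigned": [p for p in policies if p not in assigned],
        # group policies pointing at a policy that is not defined
        "undefined_refs": sorted(set(assigned) - set(policies)),
        # names over the 64-character limit stated in Step 2
        "name_too_long": [p for p in policies if len(p) > 64],
    }
```

Run it against the output saved from the show running-config command before Step 4 to see what the clear would delete and whether any group policy references a policy that no longer exists.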