Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 70 Configuring Network Admission Control
Configuring a NAC Policy
Detailed Steps

Step 1
  Command: nac-policy-nac-framework
  Purpose: Switches to nac-policy-nac-framework configuration mode.

Step 2
  Command: default-acl acl-name
  Purpose: Specifies which ACL to use as the default ACL for NAC sessions. acl-name is the name of the access control list to be applied to the session.
  Example:
    hostname(config-nac-policy-nac-framework)# default-acl acl-2
    hostname(config-nac-policy-nac-framework)#
  The example identifies acl-2 as the ACL to apply before posture validation succeeds.

Step 3 (Optional)
  Command: [no] default-acl acl-name
  Purpose: Removes the command from the NAC framework policy. Specifying the acl-name is optional.

Configuring Exemptions from NAC

The ASA configuration stores a list of exemptions from NAC posture validation. You can specify the operating systems that are exempt. If you specify an ACL, the client running the specified operating system is exempt from posture validation and the client traffic is subject to the ACL.

To add an entry to the list of remote computer types that are exempt from NAC posture validation, enter the following command in nac-policy-nac-framework configuration mode: