61-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 61 Configuring Identity Policies
Network Admission Control Policy Page
Network Admission Control Policy Page
Network Admission Control (NAC) policies enable Cisco IOS routers acting as network access devices
(NADs) to enforce access privileges when an endpoint tries to connect to a network. Access decisions
are made on the basis of information provided by the endpoint device, such as its current antivirus state,
thus keeping insecure nodes from infecting the network.
You can configure NAC policies on a Cisco IOS router from the following tabs on the Network
Admission Control policy page:
Network Admission Control Page—Setup Tab, page61-14
Network Admission Control Page—Interfaces Tab, page 61-16
Network Admission Control Page—Identities Tab, page61-18
For more information, see Network Admission Control on Cisco IOS Routers, page 61-8.
Navigation Path
(Device view) Select Platform > Identity > Network Admission Control from the Policy selector.
(Policy view) Select Router Platform > Identity > Network Admission Control from the Policy
Type selector. Right-click Network Admission Control to create a policy, or select an existing
policy from the Shared Policy selector.

Network Admission Control Page—Setup Tab

Use the Network Admission Control Setup tab to select the Cisco Secure Access Control Servers used
for authentication during the NAC process, as well as to define the EAP over UDP settings for
communications between the NAD and the client seeking access to the network.
Navigation Path
Go to the Network Admission Control Policy Page, page61-14, then click the Setup tab.
Related Topics
Defining NAC Setup Parameters, page61-10
Network Admission Control Page—Interfaces Tab, page 61-16
Network Admission Control Page—Identities Tab, page61-18
Understanding AAA Server and Server Group Objects, page 6-24