User Guide for Cisco Security Manager 4.4
Chapter 61 Configuring Identity Policies
Network Admission Control Policy Page
Network Admission Control Page—Interfaces Tab
Use the Network Admission Control Interfaces tab to select and configure the router interfaces on which
to perform NAC. This includes configuring the Intercept ACL and selected EoU interface parameters. A
NAC policy must include at least one interface definition in order to function.
Navigation Path
Go to the Network Admission Control Policy Page, page 61-14, then click the Interfaces tab.
Related Topics
Defining NAC Interface Parameters, page 61-11
Network Admission Control Page—Setup Tab, page 61-14
Network Admission Control Page—Identities Tab, page 61-18
Table Columns and Column Heading Features, page 1-46
Filtering Tables, page 1-45
Table 61-2 Network Admission Control Setup Tab (Continued)
Element          Description
Port             The UDP port to use for EAP over UDP sessions. Valid values range from 1 to 65535. The default is 21862.
                 Note: For NAC to work, the default ACL on this router must permit UDP traffic over the port designated here for EAP over UDP traffic. For more information, see Chapter 16, “Managing Firewall Access Rules”.
Enable Logging   When selected, EAP over UDP events on this router are logged to the
                 When deselected, EAP over UDP logging is disabled. This is the
Field Reference
Table 61-3 Network Admission Control Interfaces Tab
Element          Description
Interfaces       The name of the interface on which NAC is being performed.
Intercept ACL    The name of the Intercept ACL, which determines the incoming traffic that triggers the interface to make a posture validation check.
EoU Max Retries  The maximum number of retries that this interface should perform when it initializes an EoU session with a connecting device.
Revalidate       Indicates whether the interface revalidates its EoU sessions to make sure they are still active.
Add button       Opens the NAC Interface Configuration Dialog Box, page 61-17. From here you can define a NAC interface.
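The Port note in Table 61-2 requires the default ACL to permit UDP traffic on the EAP over UDP port, and Table 61-3 lists the interfaces on which NAC runs. The following Python check is an added example, not part of the Cisco guide: it assumes the "default ACL" is the extended ACL applied inbound with `ip access-group` on each interface that carries `ip admission`, evaluates only protocol and destination port (not addresses), and uses a constructed configuration and hypothetical function names.

```python
import re
# Constructed sample config (not from the guide); GUEST-IN shadows the EoU port.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip access-group DEFAULT-IN in
 ip admission NAC-POLICY
interface FastEthernet0/1
 ip access-group GUEST-IN in
 ip admission NAC-POLICY
ip access-list extended DEFAULT-IN
 permit udp any any eq 21862
ip access-list extended GUEST-IN
 deny udp any any range 20000 30000
 permit ip any any
"""

def _side(tok, i):  # one 'address [eq N | range A B]' group -> (lo, hi, next index)
    i += 1 if tok[i] == "any" else 2  # any | host A | A WILDCARD
    n = {"eq": 1, "range": 2}.get(tok[i], 0) if i < len(tok) else 0
    if not n:
        return 0, 65535, i
    return int(tok[i + 1]), int(tok[i + n]), i + n + 1

def verdict(aces, port):
    """First-match result for UDP to `port`, ending in the implicit deny."""
    for tok in map(str.split, aces):
        try:
            if tok[0] in ("permit", "deny") and tok[1] in ("udp", "ip"):
                lo, hi, _ = _side(tok, _side(tok, 2)[2])  # source side is skipped
                if tok[1] == "ip" or lo <= port <= hi:
                    return tok[0]
        except (ValueError, IndexError):
            continue  # named ports and other syntax are not evaluated here
    return "deny"

def audit(config, port=21862):
    """Map each interface carrying 'ip admission' to permit, deny or no-acl."""
    acls, ifaces, cur = {}, {}, None
    for s in map(str.strip, config.splitlines()):
        if m := re.match(r"ip access-list extended (\S+)", s):
            cur = acls.setdefault(m.group(1), [])
        elif m := re.match(r"interface (\S+)", s):
            cur = ifaces.setdefault(m.group(1), {})
        elif isinstance(cur, list):
            cur.append(s)
        elif cur is not None and (m := re.match(r"ip (access-group|admission) (\S+)( in)?$", s)):
            cur[m.group(1)] = m.group(2)
    return {n: verdict(acls[i["access-group"]], port) if i.get("access-group") in acls
            else "no-acl" for n, i in ifaces.items() if "admission" in i}
```

A `deny` result marks an interface where EAP over UDP traffic would be dropped before posture validation can start; `no-acl` means no inbound ACL definition was found and the interface needs manual review.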