61-17
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter6 1 Configuring Identity Policies
Network Admission Control Policy Page
NAC Interface Configuration Dialog Box
Use the NAC Interface Configuration dialog box to add or edit the router interfaces on which NAC is
being performed.
Navigation Path
Go to the Network Admission Control Page—Interfaces Tab, page 61-16, then click the Add or Edit
button beneath the table.
Related Topics
Defining NAC Interface Parameters, page61-11
Basic Interface Settings on Cisco IOS Routers, page 59-1
Creating Interface Role Objects, page 6-68
Creating Access Control List Objects, page 6-49
Field Reference
Edit button Opens the NAC Interface Configuration Dialog Box, page61-17. From
here you can edit the selected NAC interface.
Delete button Deletes the selected NAC interfaces from the table.
Table61-3 Network Admission Control Interfaces Tab (Continued)
Element Description
Tab le 61 -4 N AC I nt er fa ce Co nfiguration Dialog Box
Element Description
Interface The interface that will perform NAC on connecting devices. Enter the
name of an interface or interface role, or click Select to select an object
from a list or to create a new one.
Intercept ACL The ACL that defines the traffic requiring posture validation. Enter the
name of an ACL object, or click Add to select an object from a list or
to create a new one.
Note If an authentication proxy is configured on the same interface
as NAC, the same Intercept ACL must be used in both policies.
Otherwise, deployment may fail. For more information about
authentication proxies, see Configuring AAA Rules for IOS
Devices, page 15-7.
EAP over UDP Max Retries The maximum number of times that the router should try to initiate an
EoU session with a connecting device. Valid values range from 1 to 3.
The default is 3.
Note Subinterfaces support the default value only.
Enable EoU Session
Revalidation
When selected, the router revalidates its EoU sessions as required. This
is the default.
When deselected, EoU session revalidation is not performed.
Note Subinterfaces support the default value only.