User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 10 Managing Access Policies
Security Group Access Control Pages
NDAC Policy Page
The Network Device Admission Control (NDAC) policy determines the SGT for network devices in a
Security Group Access environment. The NDAC policy handles:
• Peer authorization requests from one device about its neighbor.
• Environment requests (a device is collecting information about itself).
The policy returns the same SGT for a specific device, regardless of the request type.
Note: You do not add an NDAC policy to an access service; it is implemented by default. However, for endpoint
admission control, you must define an access service and session authorization policy. See Configuring
Network Access Authorization Rule Properties, page 10-32, for information about creating a session
authorization policy.
Use this page to configure a simple policy that assigns the same security group to all devices, or
configure a rule-based policy.
To display this page, choose Access Policies > Security Group Access Control > Network Device
Access > Authentication Policy.
If you have already configured an NDAC policy, the corresponding Simple Policy page or Rule-based
Policy page opens; otherwise, the Simple Policy page opens by default.
Simple Policy Page
Use this page to define a simple NDAC policy.
Rule-Based Policy Page
Use this page for a rule-based policy to:
• View rules.
• Delete rules.
• Open pages that create, duplicate, edit, and customize rules.
Table 10-26 Simple NDAC Policy Page

| Option | Description |
| --- | --- |
| Policy type | Defines the type of policy to configure: Simple—Specifies that the result applies to all requests. Rule-based—Configure rules to apply different results depending on the request. If you switch between policy types, you will lose your previously saved policy configuration. |
| Security Group | Select the security group to assign to devices. The default is Unknown. |