K-185
User Guide for Cisco Security Manager 3.2
OL-16066-01
AppendixK Router Platform User Interface Reference
Network Admission Control Policy Page
Allow Clientless When selected, enables devices that do not have the Cisco Trust Agent
(CTA) installed to be authenticated through the use of a username and
password configured on the ACS.
If you select this check box, enter the username and password (including
confirmation) in the fields provided.
When deselected, NAC prevents devices lacking the CTA from accessing the
network, if their traffic matches the intercept ACL (see NAC Interface
Configuration Dialog Box, page K-187).
Note This feature is not supported on routers running Cisco IOS Software
Release 12.4(6)T or later.
Max Retry The maximum number of retries that all NAC interfaces on this router should
make when initiating an EAP over UDP session with a connecting device.
Valid values range from 1 to 3. The default is 3.
Note You can override this global value on a specific interface, if required.
See Network Admission Control Page—Interfaces Tab, pageK-186.
Rate Limit The number of EAP over UDP posture validations that the router can handle
simultaneously. Additional devices cannot be validated until one or more
devices drop off.
Valid values range from 1 to 200. The default is 20. If you set this value to
0, rate limiting is turned off.
Port The UDP port to use for EAP over UDP sessions.
Valid values range from 1 to 65535. The default is 21862.
Note For NAC to work, the default ACL on this router must permit UDP
traffic over the port designated here for EAP over UDP traffic. For
more information, see Working with Access Rules, page13-63.
Enable Logging When selected, EAP over UDP events on this router are logged to the device.
When deselected, EAP over UDP logging is disabled. This is the default.
Setup tab button
Save button Saves your changes to the Security Manager server but keeps them private.
Note To publish your changes, click the Submit button on the toolbar.
TableK-80 Network Admission Control Setup Tab (Continued)