Appendix K Router Platform User Interface Reference
Network Admission Control Policy Page

Table K-80 Network Admission Control Setup Tab (Continued)

Allow Clientless
  When selected, enables devices that do not have the Cisco Trust Agent (CTA) installed to be authenticated through the use of a username and password configured on the ACS.

  If you select this check box, enter the username and password (including confirmation) in the fields provided.

  When deselected, NAC prevents devices lacking the CTA from accessing the network, if their traffic matches the intercept ACL (see NAC Interface Configuration Dialog Box, page K-187).

  Note: This feature is not supported on routers running Cisco IOS Software Release 12.4(6)T or later.

Max Retry
  The maximum number of retries that all NAC interfaces on this router should make when initiating an EAP over UDP session with a connecting device.

  Valid values range from 1 to 3. The default is 3.

  Note: You can override this global value on a specific interface, if required. See Network Admission Control Page—Interfaces Tab, page K-186.

Rate Limit
  The number of EAP over UDP posture validations that the router can handle simultaneously. Additional devices cannot be validated until one or more devices drop off.

  Valid values range from 1 to 200. The default is 20. If you set this value to 0, rate limiting is turned off.

Port
  The UDP port to use for EAP over UDP sessions.

  Valid values range from 1 to 65535. The default is 21862.

  Note: For NAC to work, the default ACL on this router must permit UDP traffic over the port designated here for EAP over UDP traffic. For more information, see Working with Access Rules, page 13-63.

Enable Logging
  When selected, EAP over UDP events on this router are logged to the device.

  When deselected, EAP over UDP logging is disabled. This is the default.

Setup tab button

Save button
  Saves your changes to the Security Manager server but keeps them private.

  Note: To publish your changes, click the Submit button on the toolbar.
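
The following check is an added example, not part of the Cisco guide: it audits the global EAP over UDP settings in a saved router configuration against the ranges in the table and verifies the Port note, that the default ACL permits UDP on the configured port. It assumes the Cisco IOS global commands `eou port`, `eou max-retry`, `eou rate-limit`, `eou allow clientless` and `eou logging` correspond to these fields; the sample configuration and the ACL name NAC-DEFAULT are constructed for illustration.

```python
import re

EOU_DEFAULT_PORT = 21862  # default given in the Port row

# Constructed sample config (not from the guide); ACL name NAC-DEFAULT is hypothetical.
SAMPLE_CONFIG = """\
eou port 21900
eou rate-limit 250
eou allow clientless
ip access-list extended NAC-DEFAULT
 permit udp any any eq 21862
 deny ip any any
"""

def setting(config, name, default):
    """Value of a global 'eou <name> <n>' line, else the table's default."""
    m = re.search(rf"^eou {name} (\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else default

def acl_permits_udp(config, acl_name, port):
    """First-match walk of a named extended ACL; no match means implicit deny."""
    head = rf"^ip access-list extended {re.escape(acl_name)}[ \t]*\n"
    block = re.search(head + r"((?:[ \t]+.*\n?)*)", config, re.M)
    for entry in (block.group(1).splitlines() if block else []):
        tok = entry.split()
        if len(tok) < 2 or tok[0] not in ("permit", "deny") or tok[1] not in ("udp", "ip"):
            continue
        # Simplification: addresses are ignored; only 'eq <port>' qualifiers are read.
        eq = re.search(r"\beq (\S+)", entry)
        if eq and eq.group(1) != str(port):
            continue
        return tok[0] == "permit"
    return False

def audit_eou(config, default_acl):
    """Return a list of findings for the global EAP over UDP settings."""
    port = setting(config, "port", EOU_DEFAULT_PORT)
    findings = []
    if not 1 <= setting(config, "max-retry", 3) <= 3:
        findings.append("max-retry outside 1-3")
    if not 0 <= setting(config, "rate-limit", 20) <= 200:  # 0 turns limiting off
        findings.append("rate-limit outside 0-200")
    if not 1 <= port <= 65535:
        findings.append("port outside 1-65535")
    if not acl_permits_udp(config, default_acl, port):
        findings.append(f"ACL {default_acl} does not permit UDP port {port}")
    if re.search(r"^eou allow clientless\s*$", config, re.M):
        findings.append("clientless devices admitted via ACS username/password")
    if not re.search(r"^eou logging\s*$", config, re.M):
        findings.append("EAP over UDP logging disabled")
    return findings
```

In the sample, the port was changed to 21900 but the ACL still permits only the default 21862, which is the mismatch the Port note describes.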

User Guide for Cisco Security Manager 3.2
OL-16066-01
K-185