Page, page F-31, 188 | Cisco Systems OL-16066-01 specs

Appendix K Router Platform User Interface Reference

Network Admission Control Policy Page

		Field Reference
Table K-82	NAC Interface Configuration Dialog Box

Element			Description

Interface			The interface that will perform NAC on connecting devices. Enter the name
			of an interface or interface role, or click Select to display an Object
			Selectors, page F-593.
			If the interface role you want is not listed, click the Create button in the
			selector to display the Interface Role Dialog Box, page F-464. From here
			you can create an interface role object.

Intercept ACL			The ACL that defines the traffic requiring posture validation. Enter the name
			of an ACL object, or click Add to display an Object Selectors, page F-593.
			If the ACL you want is not listed, click the Create button in the selector to
			display the dialog box for defining an ACL object (see Access Control Lists
			Page, page F-31).
			Note If an authentication proxy is configured on the same interface as
			NAC, the same Intercept ACL must be used in both policies.
			Otherwise, deployment may fail. For more information about
			authentication proxies, see Configuring Settings for AAA (IOS),
			page 13-151.

EAP over UDP Max			The maximum number of times that the router should try to initiate an EoU
Retries			session with a connecting device. Valid values range from 1 to 3. The default
			is 3.
			Note Subinterfaces support the default value only.

Enable EoU Session			When selected, the router revalidates its EoU sessions as required. This is the
Revalidation			default.
			When deselected, EoU session revalidation is not performed.
			Note Subinterfaces support the default value only.

OK button			Saves your changes locally on the client and closes the dialog box.
			Note To save your changes to the Security Manager server so that they are
			not lost when you log out or close your client, click Save on the
			source page.

	User Guide for Cisco Security Manager 3.2
K-188	OL-16066-01

Image 188

Cisco Systems OL-16066-01 appendix Page, page F-31, 188

Contents

Router Platform User Interface Reference CPU Policy Page, page K-107 Dhcp Policy Page, page K-167 NTP Policy Page, page K-174 NAT Page-Interface Specification Tab NAT PolicyFor more information, see NAT on Cisco IOS Routers, Chapter K, Router Platform User Interface Reference Edit Interfaces Dialog Box-NAT Inside Interfaces Related Topics Edit Interfaces Dialog Box-NAT Outside Interfaces Field Reference NAT Page-Static Rules Tab NAT Static Rule Dialog Box Information, see Filtering Tables, Basic Interface Settings on Cisco IOS Routers, Defining Static NAT Rules,Disabling the Alias Option for Attached Subnets, Disabling the Payload Option for Overlapping Networks, Table K-5 NAT Static Rule Dialog Box Table K-5 NAT Static Rule Dialog Box Appendix K Router Platform User Interface Reference For more information, see Defining Dynamic NAT Rules, NAT Page-Interface Specification Tab, page K-3NAT Page-Dynamic Rules Tab NAT Dynamic Rule Dialog Box Object Selectors, page F-593 F-593 NAT Page-Timeouts Tab Specifying NAT Timeouts, Router Interfaces Table Columns and Column Heading Features, Create Router Interface Dialog Box Enabled Type Name Parent Discontiguous Network Masks, BRI, PRI Isdn Table K-10 Create Router Interface Dialog Box MTU Vlan ID Interface Auto Name Generator Dialog Box Dlci Advanced Interface Settings Available Interface Types, CDP Advanced Interface Settings Dialog Box You can create an interface role object For more information, see Understanding Helper Addresses, Eguide09186a00804247fc.htmlSelectors, page F-593 Cisco Discovery Protocol settings Table K-13 Advanced Interface Settings Dialog Box 00800a3ded.shtml Fragreassmps6441TSDProductsConfigurationGuideChapter.htmlVFR ACL AIM-IPS Interface Settings IPS Monitoring Information Dialog Box Dialer Policy Configuring Dial Backup, SPID2 Dialer Profile Dialog BoxSPID1 Table K-17 Dialer Profile Dialog Box Dialer Physical Interface Dialog Box Isdn BRI Adsl Policy Adsl on Cisco IOS Routers, Adsl Settings Dialog Box Defining Adsl Settings, PVC Policy Page, page K-54 Supported by each card type may cause deployment to fail Table K-20 Adsl Settings Dialog Box Shdsl Policy Shdsl on Cisco IOS Routers, Edit the selected DSL controller definition Dialog Box, page K-53 Shdsl Controller Dialog BoxDefining Shdsl Controllers, User Guide for Cisco Security Manager CPE Table K-22 Shdsl Dialog Box Controller Auto Name Generator Dialog Box PVC Policy PVC ID PVCPVC OAM OAM-PVC PVC Dialog Box Defining ATM PVCs, Table K-25 PVC Dialog Box Inverse ARP. See PVC Dialog Box-Protocol Tab, page K-67 PVC Dialog Box-Settings Tab, page K-59PVC. See PVC Dialog Box-QoS Tab, page K-63 PVC Dialog Box-Settings Tab Ilmi VPIVCI PVC Resources are freed for other dial-in users PPP PVC Dialog Box-QoS TabDialog Box-Protocol Tab, page K-67 Quality of Service Policy Page, page K-199 Understanding Policing and Shaping Parameters, CBR Service Classes,ABR UBR UBR+VBR-NRT VBR-RT PVC Dialog Box-Protocol Tab Define Mapping Dialog Box PVC Dialog Box, page K-56 Defining ATM PVCs, PVC Advanced Settings Dialog Box Type for the PVC. See PVC Dialog Box-Settings Tab, page K-59 PVC Advanced Settings Dialog Box-OAM Tab Advanced Settings Dialog Box-OAM Tab, page K-70Advanced Settings Dialog Box-OAM-PVC Tab, page K-73 Go to the PVC Dialog Box, page K-56, then click Advanced PVC Dialog Box, page K-56 Table K-31 PVC Advanced Settings Dialog Box-OAM Tab PVC Advanced Settings Dialog Box-OAM-PVC Tab OAM-PVC tab Table K-32 PVC Advanced Settings Dialog Box-OAM-PVC Tab Table K-32 PVC Advanced Settings Dialog Box-OAM-PVC Tab PPP/MLP Policy Table K-33 PPP/MLP PPP Dialog Box Defining PPP Connections, Connection. See PPP Dialog Box-PPP Tab, page K-80 PPP Dialog Box-MLP Tab, page K-84 PPP Dialog Box-PPP TabTab, page K-84 Table K-35 PPP Dialog Box-PPP Tab It for other PPP connections on this device Chap Authentication settings MLP PPP Dialog Box-MLP TabPPP Dialog Box-PPP Tab, page K-80 Advance None-Negotiation is conducted without using an endpoint AAA Policy AAA Page-Authentication Tab Defining AAA Services, AAA Server Group Dialog Box, page F-12 Predefined AAA Authentication Server Groups,Understanding Method Lists, AAA Page-Authorization Tab Information, see Filtering Tables, Command Authorization Dialog Box AAA Page-Accounting Tab Table K-41 AAA Page-Accounting Tab See description Table N-91 on page N-131 Command Accounting Dialog Box Server groups configured with TACACS+ Accounts and Credential s Policy Table K-43 Accounts and Credentials User Account Dialog Box 100 Understanding FlexConfig Objects, Defining Accounts and Credential Policies,User Accounts and Device Credentials on Cisco IOS Routers, MD5 102 Bridging PolicyBridging on Cisco IOS Routers, Bridge Group Dialog Box 103 Clock Policy 104 105 106 CPU Policy 107 108 109 Http Policy 110 111 Http Page-Setup TabHttp and Https on Cisco IOS Routers, 112 Http Page-AAA TabHttps Http Page-Setup Tab, page K-111 113 114 115 Command Authorization Override Dialog Box Http Policy Page, page K-110AAA Policy Page, page K-87 116 Console Policy 117 118 Console Page-Setup TabVTY Line Dialog Box-Setup Tab, page K-132 119 120 Console Page-Authentication Tab 121 Page-Authentication Tab, page K-88 122 Console Page-Authorization Tab 123 124 Console Page-Accounting Tab 125 126 Page-Accounting Tab, page K-93 127 128 VTY Policy 129 130 Line Access on Cisco IOS Routers, Dialog Box-Setup Tab, page K-132VTY Line Dialog Box 131 VTY Line Dialog Box-Setup Tab Defining VTY Line Setup Parameters,Console Page-Setup Tab, page K-118 132 133 Policy. See Http Page-Setup Tab, page K-111 134 135 VTY Line Dialog Box-Authentication Tab 136 VTY Line Dialog Box-Authorization Tab 137 Page-Authorization Tab, page K-90 138 VTY Line Dialog Box-Accounting Tab 139 140 141 142 143 Command Authorization Dialog Box-Line AccessConsole Policy Page, page K-117 VTY Policy Page, page K-129 Level. See Command Accounting Dialog Box, page K-96 144 Command Accounting Dialog Box-Line Access 145 146 Secure Shell Policy 147 Box-Setup Tab, page K-132 148 149 Snmp PolicyFor more information, see Defining Snmp Agent Properties, Snmp on Cisco IOS Routers, 150 151 Permission Dialog BoxGenerate. See Snmp Traps Dialog Box, page K-155 Trap Receiver Dialog Box, page K-153 Snmp Traps Dialog Box, page K-155Defining Snmp Agent Properties, 152 153 Trap Receiver Dialog BoxPermission Dialog Box, page K-151 154 Snmp Traps Dialog Box 155 For more information, see Understanding IKE, 156 157 DNS Policy 158 159 IP Host Dialog BoxDNS on Cisco IOS Routers, 160 Hostname PolicyHostnames and Domain Names on Cisco IOS Routers, 161 For more information, see Defining Router Memory Settings,Memory Policy 162 163 Secure Device Provisioning PolicySecure Device Provisioning on Cisco IOS Routers, Administrative Introducers, Secure Device Provisioning Workflow,Understanding PKI Enrollment Objects, Click Select to display an Object Selectors, page F-593 165 166 Dhcp Policy For more information, see Defining Dhcp Policies,Dhcp on Cisco IOS Routers, 167 168 To display an Object Selectors, page F-593Definition, page 9-153and Supported IP Address Formats, 169 Dhcp Database Dialog Box Defining Dhcp Policies,IP Pool Dialog Box, page K-171 170 IP Pool Dialog Box 171 Select to display an Object Selectors, page F-593 172 Ddhhmm 173 174 NTP PolicyFor more information, see Defining NTP Servers, NTP Server Dialog Box, page K-176 175 NTP Server Dialog Box 176 Policy Page, page K-174 177 K-174 178 179 802.1x PolicyFor more information, see Defining 802.1x Policies, 180 Or click Add to display an Object Selectors, page F-593Defined here. See PPP Dialog Box, page K-78 181 182 183 Network Admission Control Page-Setup TabNetwork Admission Control Policy Defining NAC Setup Parameters, 184 185 Configuration Dialog Box, page K-187More information, see Working with Access Rules, Network Admission Control Page-Setup Tab, page K-183 Network Admission Control Page-Interfaces TabDefining NAC Interface Parameters, 186 NAC Interface Configuration Dialog Box 187 Page, page F-31 188 189 Network Admission Control Page-Identities TabDefining NAC Identity Parameters, NAC Identity Profile Dialog Box 190 NAC Identity Action Dialog Box NAC Identity Action Dialog Box, page K-191Actions, see NAC Identity Action Dialog Box, page K-191 NAC Identity Profile Dialog Box, page K-190 Logging Setup Policy Intercept ACL. See NAC Interface Configuration Dialog BoxBox, page K-190 K-187 193 Information, see -5 on 194 195 196 197 Syslog Servers PolicyFor more information, see Defining Syslog Servers, 198 Syslog Server Dialog BoxXML Quality of Service Policy Defining Syslog Servers,Logging on Cisco IOS Routers, Understanding Network/Host Objects, Defining QoS Policies, Understanding Control Plane Policing,CIR 200 201 202 Quality of Service on Cisco IOS Routers, QoS Policy Dialog BoxK-205 203 204 QoS Class Dialog Box 205 206 Box-Matching Tab, page K-208 Box-Queuing and Congestion Avoidance Tab, page K-212Dialog Box-Policing Tab, page K-214 Tab, page K-217 QoS Class Dialog Box-Matching Tab 208 Dscp F-593. For more information, see Edit ACLs Dialog Box-QoSClasses, page K-210 209 210 Edit ACLs Dialog Box-QoS ClassesDefining QoS Class Matching Parameters, QoS Class Dialog Box-Marking Tab 211 QoS Class Dialog Box-Queuing and Congestion Avoidance Tab 212 213 QoS Class Dialog Box-Policing Tab 214 215 216 QoS Class Dialog Box-Shaping Tab 217 218 BGP Routing Policy 219 BGP Page-Setup Tab Defining BGP Routes,Supported IP Address Formats, 220 Dialog Box, page K-222 221 Neighbors Dialog Box 222 BGP Page-Setup Tab, page K-220 BGP Page-Redistribution TabRedistributing Routes into BGP, 223 BGP Redistribution Mapping Dialog Box 224 225 226 Eigrp Page-Setup TabEigrp Routing Policy Eigrp Setup Dialog Box 227 Defining Eigrp Routes, 228 Eigrp Page-Setup Tab, page K-226 Eigrp Page-Interfaces TabEdit Interfaces Dialog Box-EIGRP Passive Interfaces 229 Defining Eigrp Interface Properties, 230 231 Systems, see Eigrp Setup Dialog Box, page K-227Eigrp Interface Dialog Box Eigrp Page-Redistribution Tab 232 233 Eigrp Redistribution Mapping Dialog Box Redistributing Routes into EIGRP,Page-Redistribution Tab, page K-223 234 235 Ospf Interface Policy 236 237 Defining Ospf Interface Settings, Ospf Interface Dialog BoxOspf Routing on Cisco IOS Routers, 238 239 240 241 Objects, 242 243 Ospf Process Page-Setup TabOspf Process Policy Defining Ospf Process Settings, 244 Ospf Setup Dialog Box 245 246 Ospf Process Page-Setup Tab, page K-243Edit Interfaces Dialog Box-OSPF Passive Interfaces 247 Defining Ospf Area Settings,Ospf Process Page-Area Tab Ospf Area Dialog Box 248 Ospf Process Page-Redistribution Tab 249 250 Ospf Redistribution Mapping Dialog Box 251 252 253 Ospf Max Prefix Mapping Dialog Box Ospf Redistribution Mapping Dialog Box, page K-251K-243 254 255 RIP Page-Setup TabRIP Routing Policy 256 Defining RIP Setup Parameters,An Object Selectors, page F-593 257 RIP Page-Authentication TabEdit Interfaces Dialog Box-RIP Passive Interfaces 258 Defining RIP Interface Authentication Settings,RIP Page-Setup Tab, page K-255 RIP Authentication Dialog Box 259 260 Redistribution tab. See RIP Page-Setup Tab, page K-255RIP Page-Redistribution Tab 261 RIP Redistribution Mapping Dialog BoxRedistributing Routes into RIP, 262 263 Static Routing PolicyStatic Routing on Cisco IOS Routers, Static Routing Dialog Box 264 Defining Static Routes, 265 266 267 268