Chapter 10 Managing Access Policies

Security Group Access Control Pages

NDAC Policy Page

The Network Device Admission Control (NDAC) policy determines the SGT for network devices in a Security Group Access environment. The NDAC policy handles:

Peer authorization requests from one device about its neighbor.

Environment requests (a device is collecting information about itself).

The policy returns the same SGT for a specific device, regardless of the request type.

Note: You do not add an NDAC policy to an access service; it is implemented by default. However, for endpoint admission control, you must define an access service and session authorization policy. See Configuring Network Access Authorization Rule Properties, page 10-31, for information about creating a session authorization policy.

Use this page to configure a simple policy that assigns the same security group to all devices, or configure a rule-based policy.

To display this page, choose Access Policies > Security Group Access Control > Network Device Access > Authentication Policy.

If you have already configured an NDAC policy, the corresponding Simple Policy page or Rule-based Policy page opens; otherwise, the Simple Policy page opens by default.

Simple Policy Page

Use this page to define a simple NDAC policy.

Table 10-26 Simple NDAC Policy Page

Option: Policy type
Description: Defines the type of policy to configure:
Simple—Specifies that the result applies to all requests.
Rule-based—Configure rules to apply different results depending on the request.
If you switch between policy types, you will lose your previously saved policy configuration.

Option: Security Group
Description: Select the security group to assign to devices. The default is Unknown.

Rule-Based Policy Page

Use this page for a rule-based policy to:

View rules.

Delete rules.

Open pages that create, duplicate, edit, and customize rules.

User Guide for Cisco Secure Access Control System 5.3, OL-24201-01