Cisco 3.3 User Manual
Page 581
14-9
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 14 Network Admission Control
Implementing Network Admission Control
b.
(Optional) If AAA clients participating in NAC are configured to make use
of NAC-related attribute-value (AV) pairs in the RADIUS (Cisco IOS/PIX)
cisco-av-pair attribute, configure the RADIUS (Cisco IOS/PIX) cisco-av-pair
attribute with the applicable AV pairs. NAC-related AV pairs include:
•
url-redirect
•
posture-token
•
status-query-timeout
Caution
The posture-token AV pair is the only way that Cisco Secure ACS notifies the
AAA client of the SPT returned by posture validation. Because you manually
configure the posture-token AV pair, errors in configuring posture-token can
result in the incorrect SPT being sent to the AAA client or, if the AV pair name is
mistyped, the AAA client not receiving the SPT at all.
Note
The AV pair names above are case sensitive.
For detailed steps about configuring the RADIUS (Cisco IOS/PIX)
cisco-av-pair attribute in a group profile, see
RADIUS Settings for a User Group, page 6-40
. For more information about
the RADIUS (Cisco IOS/PIX) cisco-av-pair attribute, see
cisco-av-pair RADUIS Attribute, page C-7
Cisco Secure ACS is configured to process posture validation requests, return the
results to the NAC client, and send the applicable ACLs to the AAA client.
Step 12
Create a user account to support NAC in the event of a non-responsive computer.
For more information, see
Non-Responsive NAC-Client Computers, page 14-5
.
Cisco Secure ACS is configured to support NAC of non-responsive computers.