Cisco 3.3 User Manual
Page 595
14-23
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 14 Network Admission Control
NAC Policies
•
Description—Specifies a text description of the policy, up to 255 characters.
Use the Description box to provide details that you could not convey in the
name of the policy. For example, you could describe its purpose or summarize
its rules. Because you can apply the same policy to more than one NAC
database, a useful description could also help prevent accidental
configuration errors when someone modifies a policy without understanding
which databases use it.
•
Configurable Rules—Lists rules that you define in the order in which
Cisco Secure ACS uses them to evaluate the posture validation request. Each
rule appears as a separate row in the table and is identified by its rule
elements, which appear as a blue link. You can order the rules in this table by
selecting the option directly to the left of a rule and clicking Up and Down to
position it as needed. For more information about the order of rules, see
About Local Policies, page 14-18
.
The Configurable Rules table contains the following options:
–
Result Credential Type—Specifies a vendor and application. If the rule
is true, the Result Credential Type determines the application to which
the token in the corresponding Token list is associated. Credential types
are listed by the vendor name and application name. For example, CTA
appears on the list as
Cisco:PA
. For more information about credential
types, see
About NAC Credentials and Attributes, page 14-11
.
–
Token—Specifies a token, specifically, an APT. If the rule is true, the
Token list determines the APT associated with the vendor and application
selected in the corresponding Result Credential Type list. For more
information about tokens, see
.
–
Action—Specifies a text message sent to the application indicated by the
Result Credential Type list. Use of the text message is determined by the
vendor. Some NAC-compliant applications do not implement the use of
the Action box.
•
Default Rule—If no configurable rule is true, the Default Rule table specifies
the credential type, token, and action that Cisco Secure ACS uses as the result
of applying the policy.