beautypg.com

Cisco 3.3 User Manual

Page 602

background image

Chapter 14 Network Admission Control

NAC Policies

14-30

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

ACS cannot reach the primary server or the primary server fails to respond to
the request, Cisco Secure ACS will use the secondary server, if it is
configured and enabled.

For the primary and secondary server configurations, each have the following
options:

URL—Specifies the HTTP or HTTPS URL for the server. URLs must
conform to the following format:

[http[s]://]

host

[:

port

]/

resource

where host is the hostname or IP address of the NAC server, port is the
port number used, and resource is the rest of the URL, as required by the
NAC server itself. The URL varies depending upon the server vendor and
configuration. For the URL required by your NAC server, please refer to
your NAC server documentation.

The default protocol is HTTP. URLs beginning with the hostname are
assumed to be using HTTP. To use HTTPS, you must specify the URL
beginning with

https://

.

If the port is omitted, the default port is used. The default port for HTTP
is port 80. The default port for HTTPS is port 443.

If the NAC server hostname is antivirus1, which uses port 8080 to
respond to HTTP requests for the service provided policy.asp, a script
kept in a web directory called cnac, valid URLs would be:

http://antivirus1:8080/cnac/policy.asp

antivirus1:8080/cnac/policy.asp

If the same server used the default HTTP port, valid URLs would be:

http://antivirus1/cnac/policy.asp

http://antivirus1:80/cnac/policy.asp

antivirus1/cnac/policy.asp

antivirus1:80/cnac/policy.asp

If the same server used HTTPS on the default port, valid URLs would be:

https://antivirus1/cnac/policy.asp

https://antivirus1:443/cnac/policy.asp

Username—Specifies the username by which Cisco Secure ACS
submits forwarded credentials to the server. If the server is not password
protected, the values provided in the Username and Password boxes are
ignored.