Adding, accessing, or removing a nac policy – Cisco ASA 5505 User Manual

70-7

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 70 Configuring Network Admission Control

Adding, Accessing, or Removing a NAC Policy

Refer to the following sections to create a NAC policy or modify one that is already present.

Adding, Accessing, or Removing a NAC Policy

Enter the following command to add or modify a NAC policy:

Step 3

show nac-policy

Example:

asa2(config)# show nac-policy

nac-policy framework1 nac-framework

applied session count = 0

applied group-policy count = 2

group-policy list: GroupPolicy2 GroupPolicy1

nac-policy framework2 nac-framework is not in use.

asa2(config)#

Displays the assignment of NAC policies to group
policies.

Shows which NAC policies are unassigned and the
usage count for each NAC policy.

Step 4

•

applied session count—Cumulative number of VPN
sessions to which this ASA applied the NAC policy.

•

applied group-policy count—Cumulative number of
group polices to which this ASA applied the NAC policy.

•

group-policy list—List of group policies to which this
NAC policy is assigned. In this case, the usage of a group
policy does not determine whether it appears in this list;
if the NAC policy is assigned to a group policy in the
running configuration, then the group policy appears in
this list.

Explains the fields in the show nac-policy command.

Note

When a policy is not assigned to any group
policies, “is not in use” displays next to the
policy type.

Command

Purpose