8-8
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 8 User Management: Traffic Control, Bandwidth, Schedule
Note that you cannot change the policy priority directly from the Edit form. To change a Priority, click
the Up or Down arrows for the policy in the Move column of the IP policies list page.
Add Global Host-Based Traffic Policies
Default host policies for the Unauthenticated, Temporary, and Quarantine roles are automatically
retrieved and updated after an Agent Update or Clean Update is performed from the CAM (see
Retrieving Cisco NAC Appliance Updates, page 9-12 for complete details on Updates).
You can configure custom DNS host-based policies for a role by host name or domain name when a host
has multiple or dynamic IP addresses. Once the host-based policy is set up and all of the host's IP addresses are
resolved, the policy allows all traffic types to the host machine.
Allowing DNS addresses to be configured per user role facilitates client access to the Windows or
antivirus update sites that enable clients to fix their systems if Agent requirements are not met or network
scanning vulnerabilities are found. Note that to use any host-based policy, you must first add a Trusted
DNS Server for the user role.
Note: After a software upgrade, new default host-based policies are disabled by default, but enable/disable
settings for existing host-based policies are preserved.
After a Clean Update, all existing default host-based policies are removed and new default
host-based policies are added with default disabled settings.
The host-based policies have higher priority than IP-based Traffic Policies. The traffic that passes
through an allowed host is always allowed, even if an IP-based policy denies it.
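The following is an added example, not Cisco code: a simplified Python model of how an allowed host overrides IP-based policies for a role. It assumes addresses are learned only from answers given by the role's Trusted DNS Server, that a lower priority number is evaluated first, and that unmatched traffic is denied; all class names, host names, and addresses are constructed.

```python
# Added illustration: simplified model, not Cisco NAC Appliance code.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Role:
    trusted_dns: Optional[str] = None   # an IP address, "*" (any server), or unset
    allowed_hosts: set = field(default_factory=set)  # allowed host names
    ip_policies: list = field(default_factory=list)  # (priority, action, CIDR)
    resolved: set = field(default_factory=set)       # IPs learned for allowed hosts

    def learn_dns_answer(self, server, name, addresses):
        """Record a host's addresses if the answer is usable for this role."""
        if self.trusted_dns is None:
            return False  # no Trusted DNS Server: host-based policies unusable
        if self.trusted_dns != "*" and ip_address(server) != ip_address(self.trusted_dns):
            return False  # assumption: answers from other servers are ignored
        if name.lower().rstrip(".") not in self.allowed_hosts:
            return False
        self.resolved.update(ip_address(a) for a in addresses)
        return True

    def decide(self, dest):
        """Return (action, deciding policy type) for traffic to dest."""
        dest = ip_address(dest)
        if dest in self.resolved:
            return "allow", "host-based"  # checked first, covers all traffic types
        # assumption: lower priority number is evaluated first
        for _prio, action, cidr in sorted(self.ip_policies):
            if dest in ip_network(cidr):
                return action, "ip-based"
        return "deny", "default"  # assumption: unmatched traffic is denied

def demo():
    # Constructed sample: deny-all IP policy plus one allowed update host.
    role = Role(trusted_dns="192.0.2.53",
                allowed_hosts={"update.example.com"},
                ip_policies=[(1, "deny", "0.0.0.0/0")])
    before = role.decide("198.51.100.10")
    ignored = role.learn_dns_answer("203.0.113.9", "update.example.com", ["198.51.100.66"])
    learned = role.learn_dns_answer("192.0.2.53", "update.example.com", ["198.51.100.10"])
    return before, ignored, learned, role.decide("198.51.100.10"), role.decide("198.51.100.66")

if __name__ == "__main__":
    print(demo())
```

In this model, setting `trusted_dns` to `"*"` means an answer from any server can add addresses for an allowed host.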
This section describes the following:
- Add Trusted DNS Server for a Role, page 8-8
- Enable Default Allowed Hosts, page 8-9
- Add Allowed Host, page 8-10
- Proxy Servers and Host Policies, page 8-12
Add Trusted DNS Server for a Role
To enable host-based traffic policies for a role, add a Trusted DNS Server for the role.
1. Go to User Management > User Roles > Traffic Control and click the Host link.
2. Select the role for which to add a trusted DNS server.
3. Type an IP address in the Trusted DNS Server field, or an asterisk “*” to specify any DNS server.