9-11
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Require Agent Login for Client Machines
network using the role you assign for restricted network access, regardless of their assigned user role.
For more information, see Windows Cisco NAC Agent User Dialogs, page 10-3 and Cisco NAC Web
Agent User Dialogs, page 10-28.
Note that:
• Restricted network access users appear on the In-Band Online Users list denoted by blue shading.
  For example, if a user cannot install the Agent and clicks the “Restricted Access” button in an OOB
  deployment, that user appears on the In-Band Online Users list and remains in the Authentication
  VLAN even though the CAS is performing OOB. In this case, administrators can configure ACLs
  on the restricted role to control access for users in that role.
• Restricted network access users do not appear on the Certified Devices List (since they have not met
  posture assessment requirements).
Configure Network Policy Page (Acceptable Use Policy) for Agent Users
This section describes how to configure user access to a Network Policy page (or Acceptable Usage
Policy, AUP) for Agent users. After login and requirement assessment, the Agent displays an “Accept”
dialog (Figure 10-53 on page 10-41) with a Network Usage Terms & Conditions link to the web page
that users must accept to access the network. You can use this option to provide a policy or information
page about acceptable network usage. This page can be hosted on an external web server or on the CAM
itself.
To Configure Network Policy Link
1. Go to Device Management > Clean Access > General Setup (see Figure 9-1 on page 9-4).
2. Make sure User Role, Operating System and Require use of Agent/Require Use of Cisco NAC
Web Agent are configured.
3. Click Show Network Policy to NAC Agent and Cisco NAC Web Agent users [Network Policy
Link:]. This will display a link in the Agent to a Network Usage Policy web page that Agent users
must accept to access the network.
4. If hosting the page on the CAM, you will need to upload the page (for example, “helppage.htm”)
using Administration > User Pages > File Upload. See Upload a Resource File, page 5-13 for
details. If hosting the page on an external web server, continue to the next step.
5. Type the URL for your network policy page in the Network Policy Link field as follows:
   • To link to an externally-hosted page, type the URL in the format:
     https://mysite.com/helppages.
   • To point to a page you have uploaded to the CAM, for example, “helppage.htm,” type the URL
     as follows:
     https://<CAS_IP_address>/auth/helppage.htm
6. Make sure to add traffic policies to the Temporary role to allow users HTTP access to the page. See
Adding Traffic Policies for Default Roles, page 8-27 for details.
To see how the Network Policy dialog appears to Agent users, see Figure 10-53 on page 10-41.
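A pre-flight check for the value typed in step 5, as an added example that is not part of the Cisco guide: it rejects a link that still contains the <CAS_IP_address> placeholder, classifies the link as the uploaded-page form or an external page, and returns the destination that a Temporary role traffic policy (step 6) has to permit. The function name, the sample addresses and the classification rule are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def check_policy_link(url):
    """Return (hosting, (host, port, proto), notes) for a Network Policy Link."""
    if "<" in url or ">" in url:
        raise ValueError("placeholder such as <CAS_IP_address> was not replaced")
    parts = urlsplit(url.strip())
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("expected an http:// or https:// URL with a host")
    notes = []
    if parts.scheme == "http":
        notes.append("page is fetched over cleartext HTTP")
    try:
        ipaddress.ip_address(parts.hostname)
        is_ip = True
    except ValueError:
        is_ip = False
        notes.append("host is a DNS name: clients must be able to resolve it")
    # Assumption for this example: an IP-literal host with a file under /auth/
    # is the uploaded-page form from step 5; anything else counts as external.
    uploaded = is_ip and parts.path.startswith("/auth/") and len(parts.path) > 6
    hosting = "uploaded" if uploaded else "external"
    # The traffic policy must cover the explicit port if the URL names one.
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return hosting, (parts.hostname, port, "tcp"), notes

if __name__ == "__main__":
    # Constructed sample values; 192.0.2.x are documentation addresses.
    for link in ("https://mysite.com/helppages",
                 "https://192.0.2.10/auth/helppage.htm",
                 "http://192.0.2.20:8080/aup.htm"):
        hosting, dest, notes = check_policy_link(link)
        print(f"{link}\n  hosting={hosting} allow={dest} notes={notes}")
```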
Configure the Agent Temporary Role
See Configure Agent Temporary Role, page 8-19 for details on configuring traffic policies and session
timeout for the Agent Temporary role.