Specifications
9-95
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Configuring Agent-Based Posture Assessment
Figure 9-48 Requirement List
Configuring an Optional/Audit Requirement
You can make any requirement Mandatory, Optional, or Audit-only using the Enforce Type dropdown
menu in the New Requirement or Edit Requirement form. Optional requirements allow you to view
administrative reports for an Agent user without blocking the client from the network if the optional
requirement fails. If an optional requirement fails, the user is put in the Temporary role and will see
“Optional” preceding the name of the requirement in the Agent dialog; however the user can click
Next/Skip and either proceed to the next requirement or to the network if no other requirements are
configured.
If you want to provide an extended period of time for users to meet requirements without blocking them
from the network, you can configure an optional requirement with instructions to comply by a certain
date. You can later enforce the requirement at the specified date to make the requirement mandatory.
If you want to ensure that the client system is checked “silently” for the requirement without notifying
the user, and that a report is generated and sent back to the CAS, you can configure an audit-only
requirement which only reports results (pass or fail) and does not affect user network access.
Note If the Optional/Audit requirement fails while Passive Re-assessment (PRA) has been enabled, then the
PRA report information will not be passed to the CAM. It is recommended to enable the Optional or
Audit requirement along with Mandatory requirement so that the report information is passed to the
CAM.
To create an Optional or Audit requirement:
Step 1 Go to Device Management > Clean Access > Clean Access Agent > Requirements > New
Requirement.