Cisco Cisco Clean Access 3.5
C H A P T E R
8-1
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
8
User Management: Traffic Control, Bandwidth,
Schedule
Schedule
This chapter describes how to configure role-based traffic control policies, bandwidth management,
session and heartbeat timers. Topics include:
session and heartbeat timers. Topics include:
•
•
•
•
•
•
•
•
For details on configuring user roles and local users, see
For details on configuring authentication servers, see
For details on creating and configuring the web user login page, see
Overview
For new deployments of Cisco Clean Access, by default all traffic from the trusted to the untrusted
network is allowed, and traffic from the untrusted network to the trusted network is blocked for the
default system roles (Unauthenticated, Temporary, Quarantine) and new user roles you create. This
allows you to expand access as necessary for traffic sourced from the untrusted network.
network is allowed, and traffic from the untrusted network to the trusted network is blocked for the
default system roles (Unauthenticated, Temporary, Quarantine) and new user roles you create. This
allows you to expand access as necessary for traffic sourced from the untrusted network.
This section describes the Traffic Control, Bandwidth, and Scheduling policies configured by user role.
Cisco Clean Access offers two types of traffic policies: IP-based policies, and host-based policies.
IP-based policies are fine-grained and flexible and can stop traffic in any number of ways. IP-based
policies are intended for any role and allow you to specify IP protocol numbers as well as source and
destination port numbers. For example, you can create an IP-based policy to pass through IPSec traffic
to a particular host while denying all other traffic.
IP-based policies are fine-grained and flexible and can stop traffic in any number of ways. IP-based
policies are intended for any role and allow you to specify IP protocol numbers as well as source and
destination port numbers. For example, you can create an IP-based policy to pass through IPSec traffic
to a particular host while denying all other traffic.