Cisco Cisco Clean Access 3.5

This chapter describes how to configure role-based traffic control policies, bandwidth management, 
session and heartbeat timers. Topics include:

For details on configuring user roles and local users, see 

For details on configuring authentication servers, see 

For details on creating and configuring the web user login page, see 

For new deployments of Cisco Clean Access, by default all traffic from the trusted to the untrusted 
network is allowed, and traffic from the untrusted network to the trusted network is blocked for the 
default system roles (Unauthenticated, Temporary, Quarantine) and new user roles you create. This 
allows you to expand access as necessary for traffic sourced from the untrusted network. 

This section describes the Traffic Control, Bandwidth, and Scheduling policies configured by user role. 

Cisco Clean Access offers two types of traffic policies: IP-based policies, and host-based policies. 
IP-based policies are fine-grained and flexible and can stop traffic in any number of ways. IP-based 
policies are intended for any role and allow you to specify IP protocol numbers as well as source and 
destination port numbers. For example, you can create an IP-based policy to pass through IPSec traffic 
to a particular host while denying all other traffic.