Cisco Cisco Clean Access 3.5

This section demonstrates typical traffic policy and session timeout configuration needed to:

See 

 for further information. 

Users who fail a system check are assigned to the Clean Access Agent Temporary role. This role is 
intended to restrict user access to only the resources needed to comply with the Clean Access Agent 
requirements. 

Unlike quarantine roles, you cannot have more than one Clean Access Agent Temporary role (Agent 
Temp Role) in the system at once. The role can be fully edited, and is intended as single point for 
aggregating the traffic control policies that allow users to access required installation files. If the 
Temporary role is deleted, the Unauthenticated role is used by default. The name of the role that is used 
for the Temporary role (in addition to the version of the Agent) is displayed under Device Management 
> Clean Access> Clean Access Agent > Distribution. 

Both session timeout and traffic policies need to be configured for the Temporary role. The Temporary 
role has a default session timeout of 4 minutes, which can be changed as described below. The 
Temporary and quarantine roles have default traffic control policies of Block All traffic from the 
untrusted to the trusted side. Keep in mind that while you associate requirements (required packages) to 
the normal login roles that users attempt to log into, clients will need to meet those requirements while 
still in the Temporary role. Therefore, traffic control policies need to be added to the Temporary role to 
enable clients to access any required software installation files from the download site(s). 

 provides complete details on Clean Access Agent configuration. See 

 for additional information.

Go to User Management > User Roles> Schedule. 

The Session Timer list appears.

Click the Edit button (

) for the Temporary Role.