Cisco Cisco Clean Access 3.5

Type a Role Name and Role Description of the role. For a quarantine role that will be associated 
with a particular login role, it may be helpful to reference the login role and the quarantine type in 
the new name. For example, a quarantine role associated with a login role named “R1” might be 
“R1-Quarantine.”

In the Role Type list, choose Quarantine Role. 

Configure any other settings for the role as desired. Note that, other than name, description, and role 
type, other role settings can remain at their default values. (See 

 for details.)

Click the Create Role button. The role appears in the List of Roles tab. 

By default, the system provides a default Quarantine role with a session time out of 4 minutes. The 
following steps describe how to configure the session timeout for a role. 

Go to User Management > User Roles > Schedule. 

Click the Edit button next to the desired quarantine role. 

The Session Timer form appears: 

Click the Session Timeout check box.

Type the number of minutes for the user session to live. Choose an amount that allows users enough 
time to download the files needed to fix their systems. 

Optionally, type a Description for the session timeout requirement. 

Click Update. The new value will appear in the Session Timeout column next to the role in the List 
of Roles tab. 

Setting these parameters to a relatively small value helps the Cisco Clean Access Server detect and 
disconnect users who have restarted their computers without logging out of the network. Note that the 
Session Timer value you enter here may need to be refined later, based on test scans and downloads of 
the software you will require.

The connection check is performed by ARP message; if a traffic control policy blocks ICMP traffic to 
the client, heartbeat checking still works.