Cisco Cisco NAC Appliance 4.1.0
9-8
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 9 User Management: Traffic Control, Bandwidth, Schedule
Add Global Host-Based Traffic Policies
5.
Click Update Policy when done.
Note that you cannot change the policy priority directly from the Edit form. To change a Priority, click
the Up or Down arrows for the policy in the Move column of the IP policies list page.
the Up or Down arrows for the policy in the Move column of the IP policies list page.
Add Global Host-Based Traffic Policies
Default host policies for the Unauthenticated, Temporary, and Quarantine roles are automatically
retrieved and updated after a Clean Access Agent Update or Clean Update is performed from the CAM
(see
retrieved and updated after a Clean Access Agent Update or Clean Update is performed from the CAM
(see
for complete details on Updates).
You can configure custom DNS host-based policies for a role by host name or domain name when a host
has multiple or dynamic IP addresses. Allowing DNS addresses to be configured per user role facilitates
client access to the Windows or antivirus update sites that enable clients to fix their systems if Clean
Access Agent requirements are not met or network scanning vulnerabilities are found. Note that to use
any host-based policy, you must first add a Trusted DNS Server for the user role.
has multiple or dynamic IP addresses. Allowing DNS addresses to be configured per user role facilitates
client access to the Windows or antivirus update sites that enable clients to fix their systems if Clean
Access Agent requirements are not met or network scanning vulnerabilities are found. Note that to use
any host-based policy, you must first add a Trusted DNS Server for the user role.
Note
•
After a software upgrade, new default host-based policies are disabled by default but enable/disable
settings for existing host-based policies are preserved.
settings for existing host-based policies are preserved.
•
After a Clean Update, all existing default host-based policies are removed and new default
host-based policies are added with default disabled settings.
host-based policies are added with default disabled settings.
This section describes the following:
•
•
•
•
Add Trusted DNS Server for a Role
To enable host-based traffic policies for a role, add a Trusted DNS Server for the role.
1.
Go to User Management > User Roles > Traffic Control and click the Host link.
1.
Select the role for which to add a trusted DNS server.
2.
Type an IP address in the Trusted DNS Server field, or an asterisk “*” to specify any DNS server.