Cisco Cisco NAC Appliance 4.1.0
9-9
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 9 User Management: Traffic Control, Bandwidth, Schedule
Add Global Host-Based Traffic Policies
Figure 9-6
Add Trusted DNS Server
3.
Optionally type a description for the DNS server in the Description field.
4.
The Enable checkbox should already be selected.
5.
Click Add. The new policy appears in the Trusted DNS Server column.
Note
•
When a Trusted DNS Server is added on the Host form, an IP-based policy allowing DNS/UDP
traffic to that server is automatically added for the role (on the IP form).
traffic to that server is automatically added for the role (on the IP form).
•
When you add a specific DNS server, then later add Any (“*”) DNS server to the role, the previously
added server becomes a subset of the overall policy allowing all DNS servers, and will not be
displayed. If you later delete the Any (“*”) DNS server policy, the specific trusted DNS server
previously allowed is again displayed.
added server becomes a subset of the overall policy allowing all DNS servers, and will not be
displayed. If you later delete the Any (“*”) DNS server policy, the specific trusted DNS server
previously allowed is again displayed.
Enable Default Allowed Hosts
Cisco NAC Appliance provides default host policies for the Unauthenticated, Temporary, and
Quarantine roles. Default Host Policies are initially pulled down to your system, then dynamically
updated, through performing a Clean Access Update or Clean Update. Newly added Default Host
Policies are disabled by default, and must be enabled for each role under User Management > User
Roles > Traffic Control > Hosts.
Quarantine roles. Default Host Policies are initially pulled down to your system, then dynamically
updated, through performing a Clean Access Update or Clean Update. Newly added Default Host
Policies are disabled by default, and must be enabled for each role under User Management > User
Roles > Traffic Control > Hosts.
To Enable (Automatic-Update) Default Host Policies
1.
Go to Device Management > Clean Access > Updates. (see
)
2.
Click Update or Clean Update to get the latest Default Host Policies (along with Clean Access
updates).
updates).
3.
Go to User Management > User Roles > Traffic Control > Host. (see
)
4.
Choose the role (Unauthenticated, Temporary, or Quarantine) for which to enable a Default Host
Policy from the dropdown menu and click Select.
Policy from the dropdown menu and click Select.
5.
Click the Enable checkbox for each default host policy you want to permit for the role.
6.
Make sure a Trusted DNS server is added (see
New
DNS
server