Cisco NAC Appliance 4.1.0
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 9 Local Traffic Control Policies
10. Optionally, type a description of the policy in the Description field.
11. Click Add Policy when finished. If modifying a policy, click the Update Policy button.
Note
The traffic direction you select for viewing the list of policies (Untrusted -> Trusted or Trusted -> Untrusted) sets the source and destination when you open the Add Policy form:
• The first IP/Mask/Port entry listed is the source.
• The second IP/Mask/Port entry listed is the destination.
Add Local Host-Based Traffic Control Policies
Local host-based policies allow you to control user traffic to host sites for users in a role and for a particular Clean Access Server.
Default host policies for the Unauthenticated, Temporary, and Quarantine roles are automatically retrieved and updated after a Clean Access Agent Update or Clean Update is performed from the CAM.
You can configure custom DNS host-based policies for a role by host name or domain name when a host has multiple or dynamic IP addresses. Note that to use any host-based policy, you must first add a Trusted DNS Server for the user role.
Note
• After a software upgrade, new default host-based policies are disabled by default but enable/disable settings for existing host-based policies are preserved.
• After a Clean Update, all existing default host-based policies are removed and new default host-based policies are added with default disabled settings.
See “Clean Access Agent” in the Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide for details on the automatic Updates downloaded to the CAM under Device Management > Clean Access > Updates.