ASA vrs 8.22 nac-policy removal from running-config

garyprice
Level 1

I have been configuring an ASA 8.22 to use NAC policies.
Not Cisco NAC devices, as in NAM and NAC, but the NAC built into the ASA code.
Now I cannot remove nac-policy NAC-DSIT-DMAN because it is in use.
Is there some kind of circular error in syntax?

Question: How do I remove any reference to NAC in the running-config?

See the commands and error messages from the command line:

BRR-ASA(config)# show nac-policy
nac-policy NAC-DSIT-DMAN nac-framework
  applied session count = 0
  applied group-policy count = 0
  group-policy list:

BRR-ASA(config)# no nac-policy NAC-DSMIT-DMAN
ERROR: nac-policy <NAC-DSMIT-DMAN> does not exist

BRR-ASA(config)#

BRR-ASA(config)# show nac-policy
nac-policy NAC-DSIT-DMAN nac-framework
  applied session count = 0
  applied group-policy count = 0
  group-policy list:

BRR-ASA(config)# nac NAC-DSIT-DMAN nac-framework
BRR-ASA(config-nac-policy-nac-framework)# no nac-policy NAC-DSIT-DMAN
ERROR: nac-policy <NAC-DSIT-DMAN> in use
BRR-ASA(config)#

Try "clear config nac-policy NAC-DSMIT-DMAN"

Yeah, I know! This is the circular routing I am writing about.

Here is the output from the command line with your command:

BRR-ASA# config t
BRR-ASA(config)# clear config nac-policy NAC-DSIT-DMAN
                                         ^
ERROR: % Invalid input detected at '^' marker.
BRR-ASA(config)# clear config nac-policy
INFO: can't remove in use nac-policy NAC-DSIT-DMAN
BRR-ASA(config)# show nac-policy
nac-policy NAC-DSIT-DMAN nac-framework
  applied session count = 0
  applied group-policy count = 0
  group-policy list:
BRR-ASA(config)#

======(end)=======

Yet when you look in group-policies, the NAC policy is not selected.

Fixed!

Issue resolved.

I rebooted the ASA, version 8.2(2).

After the reboot, I went to the CLI:

BRR-ASA# show nac-policy
nac-policy NAC-DSIT-DMAN nac-framework is not in use.

I did show nac-policy; the policy was there, not in use.

Went to the CLI:

BRR-ASA#no nac-policy NAC-DSIT-DMAN

No lip.

Looked at the running-config:

BRR-ASA(config)# show run | grep nac
nac-settings none

Good to go. It must have been an issue created by config changes from both ASDM and CLI.

Somewhere it must be written that it is not a good idea to configure from both interfaces at the same time. It could be a policy sync issue.

Anyway, issue resolved, but I was looking for the red floppy disk, indicating changes to policy-renew policy.

Anyway, good day now!!! :>)