Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAC Timers

the default session timeout timers for NAC is :

Role                          Session timeout

unauthenticated Role           Disabled

Temporary Role                    4

Quarantine Role                    4

what is the ordering of applying these roles and timers once the user try to login to the PC ?

-before authentication

-after authentication & PC meets security requirements

-after authentication & PC doesn't meets security requirements

&

  • Other Security Subjects
3 REPLIES

Re: NAC Timers

Hany,

The only timer to worry about is the Temporary Role one. That is used if you're using the agent, and are missing some requirements. This time is allowed for you to remediate (by default 4 minutes) Generally customers increase that so the clients can get remediated.

The quarantine timer only applies if you're using nessus scanning, and the unauthenticated timer only for the unauthenticated role.

HTH,

Faisal

New Member

Re: NAC Timers

OK , but what about the ordering of excution as i listed ?

Re: NAC Timers

Hany,

The order is the same as you listed. When PC is unauthenticated, the unauthenticated timers apply. When it's doing posture and remediation the Temporary role timers apply. If you're doing Nessus scanning, then the Quarantine timers apply.

HTH,

Faisal

241
Views
0
Helpful
3
Replies