|
|
|
[ Pobierz całość w formacie PDF ]
In this task, you will configure the General Setup tab to require the use of the Cisco NAA for
the Employee user role.
Activity Procedure
Complete these steps:
Step 1 Choose Device Management > Clean Access > General Setup > Agent Login.
Step 2 Choose Employee from the User Role drop-down menu and leave the default setting
ALL in the Operating System field.
Step 3 Check the Require Use of Clean Access Agent box.
Step 4 Leave all other options unchecked.
Step 5 Click the Update button to store the changes in the Cisco NAM database.
Activity Verification
You have completed this task when you attain this result:
The updates are accepted.
Task 2: Configure Host Policies for Clean Access Agent
In this task, you will configure host policies for the Cisco NAA.
Activity Procedure
Complete these steps:
Step 1 Choose User Management > User Roles > Traffic Control > Host.
Step 2 In the Host-Based Policy page, choose Temporary Role from the drop-down menu
and click Select.
Step 3 Click the Add button under the Trusted DNS Server section that has � *� already
filled in the Trusted DNS Server field and � Any DNS Server� entered in the
Description field.
Note By leaving the default setting (*) in its field and clicking the Add button, you have added a
trusted DNS server.
Step 4 Scroll down to the Allow Host Name field and enter www.cisco.com. Leave the
drop-down menu as equals and type Cisco.com in the description field.
Step 5 Click the Add button and then check the Enable check box.
© 2007 Cisco Systems, Inc. Lab Guide 29
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc.,
for the sole use by Cisco employees for personal study. The files or printed representations may not be
used in commercial training, and may not be distributed for purposes other than individual self-study.
�Activity Verification
You have completed this task when you attain this result:
An IP-based traffic policy allowing UDP traffic to the trusted network for the selected role
appears under User Management > User Roles > Traffic Control > IP.
Task 3: Create Checks and Rules
In this task, you create checks and rules.
Activity Procedure
Complete these steps:
Step 1 Choose Device Management > Clean Access > Clean Access Agent > Rules >
New Check.
Step 2 Ensure that the entry in the Check Category drop-down menu is Registry Check and
that the entry in the Check Type drop-down menu is Registry Key.
Note In this case, the check will look for a registry key created by the update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB835732\
Step 3 Enter a meaningful Check Name, such as
Windows_Security_Update_for_KB835732.
Step 4 From the root key list, choose HKLM (HKEY_LOCAL_MACHINE) for the
Registry Key.
Step 5 In the Registry Key field to the right of the HKLM drop-down menu, enter
SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB835732.
Tip As a shortcut, you can navigate to the tested key in the Microsoft Registry Editor (search for
KB835732), select the key reference, and choose Copy Key Name from the Edit menu.
After copying the key name, paste the key name into the registry key field. Remove any
trailing spaces.
Step 6 Choose Exists from the Operator drop-down menu.
Step 7 Check the Windows XP (All) check box to set the operating system that the rule
will check.
Note This step directs the Cisco NAC Appliance to perform the check only on computers running
Windows XP.
Step 8 Choose the Automatically Create Rule Based on this Check check box.
Step 9 Click Add Check.
Activity Verification
You have completed this task when you attain these results:
In the Device Management > Clean Access > Clean Access Agent > Rules > Rule list, the
new check appears at the bottom of the Check List.
A rule appears at the bottom of the list with suffix � -rule� under
Device Management > Clean Access > Clean Access Agent > Rules > Rule List.
30 Implementing Cisco NAC Appliance (CANAC) v2.1 © 2007 Cisco Systems, Inc.
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc.,
for the sole use by Cisco employees for personal study. The files or printed representations may not be
used in commercial training, and may not be distributed for purposes other than individual self-study.
� When you click the Edit button for the new rule to bring up the Edit Rule configuration
[ Pobierz całość w formacie PDF ]
zanotowane.pldoc.pisz.plpdf.pisz.plkwiatpolny.htw.pl
|
|
| Cytat |
Dobre pomysły nie mają przeszłości, mają tylko przyszłość. Robert Mallet
De minimis - o najmniejszych rzeczach.
Dobroć jest ważniejsza niż mądrość, a uznanie tej prawdy to pierwszy krok do mądrości. Theodore Isaac Rubin
Dobro to tylko to, co szlachetne, zło to tylko to, co haniebne.
Dla człowieka nie tylko świat otaczający jest zagadką; jest on nią sam dla siebie. I z obu tajemnic bardziej dręczącą wydaje się ta druga. Antoni Kępiński (1918-1972)
|
|
