04-26-2011 08:23 AM - edited 03-11-2019 01:25 PM
I have been configuring an ASA 8.22 to use NAC policies.
Not Cisco NAC devices, as in NAM and NAC, but the NAC built into the ASA code.
Now I cannot remove nac-policy NAC-DSIT-DMAN because it is in use.
Is there some kind of circular error in syntax?
Question: How do I remove any reference to NAC in the running-config?
See cmds and error messages from the command line.
BRR-ASA(config)# show nac-policy
nac-policy NAC-DSIT-DMAN nac-framework
applied session count = 0
applied group-policy count = 0
group-policy list:
BRR-ASA(config)# no nac-policy NAC-DSMIT-DMAN
ERROR: nac-policy <NAC-DSMIT-DMAN> does not exist
BRR-ASA(config)#
BRR-ASA(config)# show nac-policy
nac-policy NAC-DSIT-DMAN nac-framework
applied session count = 0
applied group-policy count = 0
group-policy list:
BRR-ASA(config)# nac NAC-DSIT-DMAN nac-framework
BRR-ASA(config-nac-policy-nac-framework)# no nac-policy NAC-DSIT-DMAN
ERROR: nac-policy <NAC-DSIT-DMAN> in use
BRR-ASA(config)#
04-26-2011 10:17 AM
try "clear config nac-policy NAC-DSMIT-DMAN"
04-26-2011 10:48 AM
Yeah, I know! This is the circular routing I am writing about.
Here is the output from the cmdline with your command:
BRR-ASA# config t
BRR-ASA(config)# clear config nac-policy NAC-DSIT-DMAN
^
ERROR: % Invalid input detected at '^' marker.
BRR-ASA(config)# clear config nac-policy
INFO: can't remove in use nac-policy NAC-DSIT-DMAN
BRR-ASA(config)# show nac-policy
nac-policy NAC-DSIT-DMAN nac-framework
applied session count = 0
applied group-policy count = 0
group-policy list:
BRR-ASA(config)#
======(end)=======
yet when you look in group-policies NAC policy is not selected.......
04-26-2011 01:05 PM
fixed !
issue resolved.....
I rebooted the ASA vers 8.2(2)
after re-boot
went to CLI
BRR-ASA# show nac-policy
nac-policy NAC-DSIT-DMAN nac-framework is not in use.
did show nac-policy
the policy was there, not in use.........
went to CLI
BRR-ASA#no nac-policy NAC-DSIT-DMAN
no lip........
looked at running-config
BRR-ASA(config)# show run | grep nac
nac-settings none
good to go....must have been an issue created by config changes from both ASDM and CLI....
somewhere it must be written that it is not a good idea to configure from both interfaces at the same time....could be a policy sync issue....
anyway....issue resolved.......but I was looking for the red floppy disk---indicating changes to policy-renew policy
any way good day now!!! :>)