Hi all A NAP policy can have more than one Posture Validation. If there are more than one PV matching, the token which is most restrictive is selected. For example, if tokens corresponding to the matching PVs are Healthy and Quarantine, then ACS select Quarantine and sends the corresponding authorization parameters like downloadable ACL, vlan and RAC information to the NAD.
Hope my understanding is correct. If not, please correct. Said with that, why do we have three types of tokens Cisco:PA, Cisco:Host and Cisco:HIP when configuring PV policy.? There may be different elements of Cisco:PA, Cisco:HIP and Cisco:Host in the policy but the corresponding token can be simply Healthy, Quarantine or Transition. But when we want to select a token for PV, we are forced to select Cisco:PA, Cisco:Host and Cisco:HIP? What is the significance of selecting it. With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
