Let me give you an example to illustrate the difference between "contains" and "=".
In IPexpert Vol 1 lab 5A, there is task for NAC l3 IP and the PV is required to have "KB936929". The Windows client machine has two host fixes and Cisco:Host:HotFixes parameters consists the value "|KB898461|KB936929|". Now, if I configure the PV policy having "Cisco:Host:HotFixes contains KB936929", the policy is matched If I configure the PV policy having "Cisco:Host:HotFixes = KB936929", the policy fails to match. With regards Kings On Sun, Jul 24, 2011 at 8:04 AM, Kingsley Charles < [email protected]> wrote: > Both "contains" and "=" will work. Having "=", makes ACS to see for exact > match but with "contains", it is enough, if the string is just present. > > With regards > Kings > > > On Sun, Jul 24, 2011 at 6:20 AM, Adil Pasha <[email protected]> wrote: > >> Thanks Ishwinder for your suggestion. Could you please review it again? >> >> I have a test lab with the solution using "contains" for both OS Type and >> service pack. >> >> >> Best Regards. >> ______________________ >> Adil >> >> On Jul 23, 2011, at 6:57 PM, Ishwinder Cheema wrote: >> >> Thanks for your input Kings. However, if the questions specifically asks >> to put the host not meeting the criteria in Quarantine, I am inclined to >> think they would expect us to choose Quarantine in that case. >> >> Adil, >> >> I would very much prefer 'Contains' with OS Type and '=' with Service >> Pack. >> >> Regards, >> Ishwinder >> >> On Sun, Jul 24, 2011 at 3:56 AM, Adil Pasha <[email protected]> wrote: >> >>> Please tell me which option to use? >>> >>> Contain or "=" if they ask to check Windows XP with service pack 3? >>> >>> >>> Best Regards. >>> ______________________ >>> Adil >>> >>> On Jul 23, 2011, at 1:08 PM, Kingsley Charles wrote: >>> >>> Not all parameters will have "contain" option. If you ask me, I feel >>> using "contain" than "=" is safer. >>> >>> And why would you put default as "Healthy"? Either "Quarantine" or >>> "Unknown" seems to a better option. When there more than one PV policy in >>> the NAP policy, the most restrictive posture token is considered. Unknown is >>> most restrictive and Quarantine is the next most restrictive as per my >>> findings. >>> >>> >>> With regards >>> Kings >>> >>> On Sat, Jul 23, 2011 at 8:28 PM, Ishwinder Cheema <[email protected]>wrote: >>> >>>> Hi All, >>>> >>>> Just wanted to have your views on the Posture validation variables used >>>> in ACS NAC. E.g. If the question is asking me to put a host with Windows XP >>>> SP2 in Quarantine, what is the recommended way to implement the Posture >>>> Validation Condition Sets especially the operators? >>>> >>>> I currently put OS Type with 'contains' operator and Service pack with >>>> '=' operator. Then assign the default rule to Healthy and the above rule to >>>> quarantine. Am I doing it correctly ? >>>> >>>> Regards, >>>> Ishwinder >>>> >>>> _______________________________________________ >>>> For more information regarding industry leading CCIE Lab training, >>>> please visit www.ipexpert.com >>>> >>>> Are you a CCNP or CCIE and looking for a job? Check out >>>> www.PlatinumPlacement.com >>>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >>> >>> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
