User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
Networking
Port Management
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 99
4
STEP 1 Click Networking -> Port -> Port-Based Access Control.
The Port-Based Access Control window opens.
STEP 2 Specify the RADIUS servers for authentication.
The security appliance predefines three RADIUS groups. You can choose a
predefined RADIUS group from the RADIUS Index drop-down list to authenticate
the users on 802.1X-capable clients. The RADIUS server settings of the selected
group are displayed. You can also edit the RADIUS server settings here but the
settings that you specify will replace the default settings of the selected group.
For more information, see Configuring the RADIUS Servers, page 319.
STEP 3 To configure the access control settings for a physical port, click Edit in the Action
column.
The Port-Base Access Control window opens.
STEP 4 Enter the following information:
• Access Control: Check the box to enable 802.1X access control. This
feature is not available for Trunk ports.
• Authenticated VLAN: If you enable 802.1X access control, choose the
authenticated VLAN to which this port is assigned. The users who
authenticated successfully can access the authenticated VLAN through the
port. If the authentication fails, block the access on the port.
• Guest Authenticated: If you enable 802.1X access control, check the box to
enable Guest Authentication.
• Authenticated VLAN: If you enable Guest Authentication, choose the guest
VLAN to be associated with the port. If the authentication fails, the port is
assigned to the selected guest VLAN instead of shutting down. For 802.1X-
incapable clients, the port is also assigned to the selected guest VLAN when
Guest Authentication is enabled.
STEP 5 You can perform other actions as follows:
• Access Control: Check the box in this column to enable 802.1X access
control, or uncheck the box to disable it.
• Guest Authentication: After you enable 802.1X access control, check the
box in this column to enable Guest Authentication, or uncheck the box to
disable it.