Manualshelf

Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance
211212213214215216217218219220
CHAPTER
6-1
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
6
User Management: Configuring User Roles and
Local Users
This chapter describes the following topics:
Overview, page 6-1
Create User Roles, page 6-2
Create Local User Accounts, page 6-15
For details on configuring authentication servers, see Chapter 7, “User Management: Configuring
Authentication Servers.
For details on creating and configuring the web user login page and guest users, see Chapter 5,
“Configuring User Login Page and Guest Access.
For details on configuring traffic policies for user roles, see Chapter 8, “User Management: Traffic
Control, Bandwidth, Schedule.
Overview
This chapter describes the user role concept in Cisco NAC Appliance. It describes how user roles are
assigned and how to create and configure them. It also describes how to create local users that are
authenticated internally by the CAM (used primarily for testing).
Cisco NAC Appliance network protection features are configured for users by role and operating system.
The following roles are employed when users are in the Cisco NAC Appliance network (i.e. during the
time they are In-Band) and must be configured with traffic policies and session timeout:
Unauthenticated Role—Default system role for unauthenticated users (Agent or web login) behind
a Clean Access Server. Web login users are in the unauthenticated role while network scanning is
performed.
Normal Login Role—There can be multiple normal login roles in the system. A user is put into a
normal login role after a successful login.
Client Posture Assessment Roles (Agent Temporary Role and Quarantine Role)—Agent users are
in the Temporary role while Agent Requirements are checked on their systems. Both web login and
Agent users are put in the Quarantine role when network scanning determines that the client machine
has vulnerabilities.
Note that the Temporary and Quarantine roles are intended to have limited session time and network
access in order for users to fix their systems.