Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 6 User Management: Configuring User Roles and Local Users
When a user authenticates, either through the web login page or the Agent, Cisco NAC Appliance determines the user's normal login role and the requirements and/or network scans to be performed for that role. Cisco NAC Appliance then performs requirement checking and/or network scanning as configured for the role and operating system.

Note that while the role of the user is determined immediately after the initial login (in order to determine the scans or system requirements associated with the user), a user is not actually put into a normal login role until requirements are met, scanning has occurred, and no vulnerabilities are found. If the client has not met requirements, the user stays in the Agent Temporary role until requirements are met or the session times out. This is also the case when the user reboots his/her client machine as part of a remediation step (for example, because a required application installation requires a restart) and the Logoff NAC Agent users from network on their machine logoff or shutdown after <x> secs option in the CAM Device Management > Clean Access > General Setup > Agent Login web console page has not been enabled. If the user has met requirements but is found with network scanning vulnerabilities, the user can be assigned to a quarantine role or simply blocked, depending on the configuration.
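The role transitions described above, written out as a small state machine so the order of decisions is explicit. This is an added illustration, not code from Cisco or the CAM; the role, event and option names (Session, Event, quarantine_on_vulnerability, logoff_on_shutdown) are assumed for the example and are not CAM identifiers.

```python
from enum import Enum, auto

class Role(Enum):
    AGENT_TEMPORARY = "Agent Temporary role"
    NORMAL_LOGIN = "normal login role"
    QUARANTINE = "quarantine role"
    BLOCKED = "blocked"
    LOGGED_OFF = "logged off"

class Event(Enum):
    REQUIREMENTS_MET = auto()
    REQUIREMENTS_NOT_MET = auto()
    SCAN_CLEAN = auto()
    SCAN_FOUND_VULNERABILITY = auto()
    SESSION_TIMEOUT = auto()
    CLIENT_SHUTDOWN = auto()   # reboot during remediation, logoff or shutdown

class Session:
    """One user session from login until a final role is reached (constructed model)."""

    def __init__(self, user, normal_role, quarantine_on_vulnerability=True,
                 logoff_on_shutdown=False):
        self.user = user
        self.normal_role = normal_role        # decided at login, before any posture check
        self.role = Role.AGENT_TEMPORARY      # where the user sits until checks pass
        self.requirements_met = False
        self.quarantine_on_vulnerability = quarantine_on_vulnerability  # else block
        self.logoff_on_shutdown = logoff_on_shutdown  # the "Logoff NAC Agent users..." option

    def apply(self, event):
        if self.role is not Role.AGENT_TEMPORARY:
            return self.role                  # decision for this session already made
        if event is Event.SESSION_TIMEOUT:
            self.role = Role.LOGGED_OFF
        elif event is Event.CLIENT_SHUTDOWN:
            # With the option disabled the session survives a reboot and the user
            # stays in the Agent Temporary role; with it enabled the user is logged off.
            if self.logoff_on_shutdown:
                self.role = Role.LOGGED_OFF
        elif event is Event.REQUIREMENTS_MET:
            self.requirements_met = True     # still needs a clean scan before normal role
        elif event is Event.REQUIREMENTS_NOT_MET:
            self.requirements_met = False
        elif event is Event.SCAN_CLEAN and self.requirements_met:
            self.role = Role.NORMAL_LOGIN
        elif event is Event.SCAN_FOUND_VULNERABILITY and self.requirements_met:
            self.role = (Role.QUARANTINE if self.quarantine_on_vulnerability
                         else Role.BLOCKED)
        return self.role

def trace(events, **options):
    """Return the role after each event for a constructed 'alice' session."""
    session = Session("alice", "student", **options)
    return [session.apply(e) for e in events]
```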
Create User Roles
Roles are integral to the functioning of Cisco NAC Appliance and can be thought of in the following ways:

• As a classification scheme for users that persists for the duration of a user session.
• As a mechanism that determines traffic policies, bandwidth restrictions, session duration, posture assessment, and other policies within Cisco NAC Appliance for particular groups of users.

In general, roles should be set up to reflect the shared needs of distinct groups of users in your network. Before creating roles, you should consider how you want to allocate privileges in your network, apply traffic control policies, or group types of client devices. Roles can frequently be based on existing groups within your organization (for example, students/faculty/staff, or engineering/sales/HR). Roles can also be assigned to groups of client machines (for example, gaming boxes). As shown in Figure 6-1, roles aggregate a variety of user policies including:

• Traffic policies
• Bandwidth policies
• VLAN ID retagging
• Cisco NAC Appliance network port scanning plugins
• Agent client machine requirements