Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 6 User Management: Configuring User Roles and Local Users
Create User Roles
• Quarantine Role – Assigned to users to quarantine them when network scanning finds a
vulnerability on the user system. Note that a system Quarantine role already exists and can be
configured. However, the New Role form allows you to add additional quarantine roles if needed.
Step 6 See Role Properties, page 6-9 for configuration details on each role setting.
Note If you plan to use role-based profiles with an OOB deployment, you must specify the Access VLAN in
the Out-of-Band User Role VLAN field when you create the user role. For further details, see
Out-of-Band User Role VLAN, page 6-10 and Add Port Profile, page 3-34.
Step 7 When finished, click Create Role. To restore default properties on the form click Reset.
Step 8 The role now appears in the List of Roles tab.
Step 9 If you are creating a role for testing purposes, the next step is to create a local user to associate with
the role. See Create Local User Accounts, page 6-15.
Role Properties
Table 6-1 details all the settings in the New/Edit Role (Figure 6-2) form.
Table 6-1 Role Properties
Control Description
Disable this role Stops the role from being assigned to new users.
Role Name A unique name for the role.
Role Description An optional description for the role.
Role Type Whether the role is a Normal Login Role or a client posture assessment-related
role: Quarantine Role or Agent Temporary Role. See User Role Types,
page 6-3 for details.
Max Sessions per User Account (Case-Insensitive) Limits the number of machines that can
be logged in concurrently with the same user credentials by restricting the
number of login sessions per user to a configured number. If the online login
sessions for a username exceed the value specified (1 – 255; 0 for unlimited),
the web login page or the Agent will prompt the user to end all sessions or end
the oldest session at the next login attempt.
The Case-Insensitive checkbox determines whether user names are treated as
case-sensitive when counted toward the max session count. For example, if the
administrator chooses to allow case-sensitivity (box unchecked; default), then
jdoe, Jdoe, and jDoe are all treated as different users. If the administrator
chooses to disable case-sensitivity (box checked), then jdoe, Jdoe, and jDoe are
treated as the same user.
Retag Trusted-side Egress Traffic with VLAN (In-Band)
Note This feature is deprecated and will be removed in future releases.
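The Max Sessions per User Account row above, modeled as an added example (not Cisco code and not part of the original guide), shows how the Case-Insensitive checkbox changes which sessions count toward the limit. The class, its field names, the host names, and the reading that the prompt appears when a login would exceed the limit are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample: three logins with the same credentials in different case.
SAMPLE_LOGINS = [("jdoe", "pc-1"), ("Jdoe", "pc-2"), ("jDoe", "pc-3")]


@dataclass
class SessionLimiter:
    """Hypothetical model of the role setting, for reasoning about its effect."""
    max_sessions: int = 0            # 1-255; 0 means unlimited
    case_insensitive: bool = False   # box unchecked is the default
    sessions: dict = field(default_factory=dict)  # account key -> hosts, oldest first

    def __post_init__(self):
        if not 0 <= self.max_sessions <= 255:
            raise ValueError("max_sessions must be 0 (unlimited) or 1-255")

    def _key(self, username):
        # Box checked: jdoe, Jdoe and jDoe collapse to a single account key.
        return username.casefold() if self.case_insensitive else username

    def online(self, username):
        """Hosts currently counted against this user name."""
        return list(self.sessions.get(self._key(username), []))

    def login(self, username, host, on_limit=None):
        """Return the hosts whose sessions were ended by this login.

        Returns None when the limit is reached and no choice was supplied,
        which stands for the "end all / end oldest" prompt.
        """
        active = self.sessions.setdefault(self._key(username), [])
        ended = []
        if self.max_sessions and len(active) >= self.max_sessions:
            if on_limit == "end_oldest":
                ended = [active.pop(0)]
            elif on_limit == "end_all":
                ended = list(active)
                active.clear()
            else:
                return None  # user must choose before the login proceeds
        active.append(host)
        return ended


if __name__ == "__main__":
    for checked in (False, True):
        limiter = SessionLimiter(max_sessions=2, case_insensitive=checked)
        outcomes = [limiter.login(user, host) for user, host in SAMPLE_LOGINS]
        print(f"case_insensitive={checked}: {outcomes}")
```

With the box unchecked, each spelling is counted separately and the limit of 2 is never reached in this sample; with the box checked, the third login is held at the prompt.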