Specifications
CHAPTER
7-1
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
7
User Management: Configuring Authentication
Servers
This chapter describes how to set up external authentication sources, configure Active Directory Single
Sign-On (SSO), VLAN ID or attribute-based auth server mapping rules, and RADIUS accounting.
Topics are as follows:
• Overview, page 7-1
• Adding an Authentication Provider, page 7-4
• Configuring Authentication Cache Timeout (Optional), page 7-28
• Authenticating Against a Backend Active Directory, page 7-28
• Map Users to Roles Using Attributes or VLAN IDs, page 7-31
• Auth Test, page 7-39
• RADIUS Accounting, page 7-41
For details on AD SSO, see the “Configuring Active Directory Single Sign-On (AD SSO)” chapter in
the Cisco NAC Appliance - Clean Access Server Configuration Guide, Release 4.9(x).
For details on creating and configuring the web user login page, see Chapter 5, “Configuring User Login
Page and Guest Access.”
For details on configuring user roles and local users, see Chapter 6, “User Management: Configuring
User Roles and Local Users.”
For details on configuring traffic policies for user roles, see Chapter 8, “User Management: Traffic
Control, Bandwidth, Schedule.”
Overview
By connecting the Clean Access Manager to external authentication sources, you can use existing user
data to authenticate users and administrator users in the untrusted network. Cisco NAC Appliance
supports several authentication provider types for the following two cases:
• When you want to work with an existing backend authentication server(s)
• When you want to enable any of the transparent authentication mechanisms provided by Cisco NAC
Appliance