Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 7 User Management: Configuring Authentication Servers
Overview
Working with Existing Backend Authentication Servers
When working with existing backend authentication servers, Cisco supports the following authentication
protocol types:
• Kerberos
• RADIUS (Remote Authentication Dial-In User Service)
• Windows NT (NTLM Auth Server)
• LDAP (Lightweight Directory Access Protocol)
When using this option, the Clean Access Manager (CAM) is the authentication client that communicates
with the backend auth server. Figure 7-1 illustrates the authentication flow.
Figure 7-1 Cisco NAC Appliance Authentication Flow with Backend Auth Server
Currently, you must use the RADIUS, LDAP, Windows NT, or Kerberos auth server types if you want
to enable Cisco NAC Appliance system features such as:
• Network scanning policies
• Agent requirements
• Attribute-based auth mapping rules
Note For Windows NT only, the CAM must be on the same subnet as the domain controllers.
Working with Transparent Auth Mechanisms
When using this option, Cisco supports the following authentication protocol types:
• Active Directory SSO
• Cisco VPN SSO
• Windows NetBIOS SSO (formerly known as “Transparent Windows”)
• S/Ident (Secure/Identification)
Depending on the protocol chosen, the Clean Access Server sniffs traffic relevant to the authentication
source flowing from the end user machine to the auth server (for example, Windows logon traffic for the
Windows NetBIOS SSO auth type). The CAS then uses or attempts to use that information to
authenticate the user. In this case, the user does not explicitly log into the Cisco NAC Appliance system
(via web login or Agent).
Note S/Ident and Windows NetBIOS SSO can be used for authentication only—posture assessment,
quarantining, and remediation do not currently apply to these auth types.
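The two notes above (the Windows NT subnet requirement and the authentication-only limit on S/Ident and Windows NetBIOS SSO) can be checked against a deployment plan before configuration. The following is an added example, not code from the Cisco guide; the plan format, the function name `check_provider`, and all addresses are assumptions made for illustration.

```python
import ipaddress

# Auth types the note above limits to authentication only.
AUTH_ONLY_TYPES = {"S/Ident", "Windows NetBIOS SSO"}
# Features the note says do not apply to those types.
POSTURE_FEATURES = {"posture assessment", "quarantining", "remediation"}


def check_provider(provider, cam_interface):
    """Return a list of findings for one planned auth provider (hypothetical plan format).

    provider: dict with 'type', optional 'domain_controllers' (IP strings)
              and optional 'features' (feature names the design relies on).
    cam_interface: CAM address with prefix length, e.g. '10.10.20.5/24'.
    """
    findings = []
    cam_net = ipaddress.ip_interface(cam_interface).network

    if provider["type"] == "Windows NT":
        dcs = provider.get("domain_controllers", [])
        if not dcs:
            findings.append("Windows NT: no domain controllers listed, subnet rule unchecked")
        for dc in dcs:
            # Every domain controller must sit in the CAM's own subnet.
            if ipaddress.ip_address(dc) not in cam_net:
                findings.append(f"Windows NT: domain controller {dc} is outside CAM subnet {cam_net}")

    if provider["type"] in AUTH_ONLY_TYPES:
        for feature in sorted(POSTURE_FEATURES & set(provider.get("features", []))):
            findings.append(f"{provider['type']}: {feature} does not apply to this auth type")

    return findings


# Constructed sample plan (private-range addresses, not taken from the guide).
SAMPLE_PLAN = [
    {"type": "Windows NT", "domain_controllers": ["10.10.20.10", "10.10.30.10"]},
    {"type": "Windows NetBIOS SSO", "features": ["remediation"]},
    {"type": "LDAP", "features": ["posture assessment"]},
]

if __name__ == "__main__":
    for planned in SAMPLE_PLAN:
        for finding in check_provider(planned, "10.10.20.5/24"):
            print(finding)
```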
[Figure 7-1 diagram: End user -> CAS (user provides credentials to CAS via web login or Agent) -> CAM (CAS provides credentials to CAM) -> Auth Server (RADIUS, LDAP, Windows NT, Kerberos; CAM verifies credentials with backend auth server)]