Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 7 User Management: Configuring Authentication Servers
Overview
Local Authentication
You can set up any combination of local and external authentication mechanisms for both users and
Cisco NAC Appliance administrators. Typically, external authentication sources are used for general
users, while local authentication (where users are validated internally to the CAM) is used for test users,
guests, or other types of users with limited network access. For details on using local authentication for
guest access, see Guest User Access, page 5-17.
Providers
A provider is a configured authentication source. You can configure the providers you set up to appear
in the Provider dropdown menu of the web login page (Figure 7-2) and Agent to allow users to choose
the domain in which to be authenticated.
Figure 7-2 Provider Field in Web Login Page
Mapping Rules
You can set up role assignment for users based on the authentication server. For all auth server types,
you can create mapping rules to assign users to roles based on VLAN ID. For LDAP and RADIUS auth
servers, you can additionally map users into roles based on attribute values passed from the
authentication server.
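The following is an added illustration, not Cisco's code and not the CAM's internal logic: a small model of how ordered mapping rules of the two kinds described above (VLAN ID rules for any provider, attribute rules only for LDAP and RADIUS providers) might be evaluated against what an authentication server returns. Provider names, role names, attribute names and the rule representation are assumptions; the sample results fed to it are constructed.

```python
"""Model of role-mapping rule evaluation (added example, not Cisco's code).

Assumptions: a provider has a type (ldap, radius, local); a rule belongs to
one provider, is either a VLAN rule or an attribute rule, and the first
matching rule assigns the role. No match falls back to a restricted role.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Hypothetical provider names mapped to their type.
PROVIDER_TYPES: Dict[str, str] = {
    "corp-ldap": "ldap",
    "corp-radius": "radius",
    "local": "local",
}

# Attribute-based rules are only meaningful for these provider types,
# mirroring the guide's statement about LDAP and RADIUS auth servers.
ATTRIBUTE_CAPABLE = {"ldap", "radius"}


@dataclass
class AuthResult:
    """What the CAM knows after a successful authentication (assumed shape)."""
    provider: str                 # provider the user authenticated against
    vlan_id: Optional[int]        # VLAN the client arrived on, if known
    attributes: dict = field(default_factory=dict)  # values from LDAP/RADIUS


@dataclass
class MappingRule:
    provider: str                             # provider this rule applies to
    role: str                                 # role assigned on match
    kind: str                                 # "vlan" or "attribute"
    condition: Callable[[AuthResult], bool]   # predicate over the result


def vlan_is(vlan: int) -> Callable[[AuthResult], bool]:
    return lambda r: r.vlan_id == vlan


def attr_equals(name: str, value: str) -> Callable[[AuthResult], bool]:
    return lambda r: r.attributes.get(name) == value


def attr_contains(name: str, value: str) -> Callable[[AuthResult], bool]:
    # Multi-valued attributes such as group membership arrive as lists.
    return lambda r: value in (r.attributes.get(name) or [])


def validate_rules(rules: List[MappingRule], provider_types: Dict[str, str]) -> None:
    """Reject configurations the guide does not allow: attribute rules on a
    provider that is not LDAP or RADIUS, or rules for an unknown provider."""
    for rule in rules:
        ptype = provider_types.get(rule.provider)
        if ptype is None:
            raise ValueError(f"rule for unknown provider {rule.provider!r}")
        if rule.kind == "attribute" and ptype not in ATTRIBUTE_CAPABLE:
            raise ValueError(
                f"attribute rule not allowed for {ptype} provider {rule.provider!r}")
        if rule.kind not in ("vlan", "attribute"):
            raise ValueError(f"unknown rule kind {rule.kind!r}")


def assign_role(result: AuthResult, rules: List[MappingRule],
                default_role: str = "unauthenticated") -> str:
    """First matching rule for the user's provider wins; with no match the
    user lands in the restricted default role rather than a privileged one."""
    for rule in rules:
        if rule.provider == result.provider and rule.condition(result):
            return rule.role
    return default_role


# Constructed rule set using hypothetical role and attribute names.
RULES: List[MappingRule] = [
    MappingRule("corp-ldap", "nac-admin", "attribute",
                attr_contains("memberOf", "CN=NAC-Admins,OU=Groups,DC=example,DC=com")),
    MappingRule("corp-ldap", "employee", "attribute",
                attr_equals("department", "engineering")),
    MappingRule("corp-radius", "contractor", "vlan", vlan_is(200)),
    MappingRule("local", "guest", "vlan", vlan_is(300)),
]
validate_rules(RULES, PROVIDER_TYPES)

if __name__ == "__main__":
    # Constructed sample results, one per provider type.
    samples = [
        AuthResult("corp-ldap", 10, {"memberOf": ["CN=NAC-Admins,OU=Groups,DC=example,DC=com"]}),
        AuthResult("corp-ldap", 10, {"department": "engineering"}),
        AuthResult("corp-radius", 200),
        AuthResult("corp-radius", 201),   # no rule matches: restricted default
        AuthResult("local", 300),
    ]
    for s in samples:
        print(s.provider, s.vlan_id, "->", assign_role(s, RULES))
```

Two points the model makes explicit: rule order matters, so the most privileged role is listed first and matched on the narrowest condition, and a user for whom no rule matches should be left in a restricted role rather than silently granted a broad one.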
FIPS 140-2 Compliance
For LDAP over GSSAPI and Kerberos functions with FIPS-compliant CAMs/CASs, you must ensure
that hosts are running Windows 2008 Server to support secure authentication sessions between external
resources and FIPS-compliant appliances.
You can configure a FIPS 140-2 compliant external RADIUS Authentication Provider type by setting up
a secure IPSec tunnel between your Cisco NAC Appliance system and Cisco ACS 4.x in a Windows
environment running Windows Server 2003 or 2008.