Specifications
7-33
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 7 User Management: Configuring Authentication Servers
Map Users to Roles Using Attributes or VLAN IDs
Figure 7-24 Mapping for Cisco VPN Auth Type
2. The Add Mapping Rule form appears.
Figure 7-25 Example Add Mapping Rule (Cisco VPN)
Configure Conditions for Mapping Rule (A)
• Provider Name—The Provider Name sets the fields of the Mapping Rules form for that
authentication server type. For example, the form only allows VLAN ID mapping rule configuration
for Kerberos, Windows NT, Windows NetBIOS SSO, and S/Ident auth server types. The form allows
VLAN ID or Attribute mapping rule configuration for RADIUS, LDAP, and Cisco VPN SSO auth
types.
• Condition Type—Configure and add conditions first (step A in Figure 7-25) before adding the
mapping rule. Choose one of the following from the dropdown menu to set the fields of the
Condition form:
–
Attribute—For LDAP, RADIUS, Cisco VPN SSO auth providers only.
–
VLAN ID—All auth server types.
–
Compound—This condition type only appears after you have at least one condition statement
already added to the mapping rule (see Figure 7-29 on page 7-37). It allows you to combine
individual conditions using boolean operators. You can combine VLAN ID conditions with
operators: equals, not equals, belongs to. You can combine Attribute conditions alone, or mixed
VLAN ID and Attribute conditions with operators: AND, OR, or NOT. For compound