Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 70 Configuring Network Admission Control
Changing Global NAC Framework Settings
Enabling and Disabling Clientless Authentication
Clientless authentication is enabled by default. The default configuration contains the eou allow
clientless configuration.
Restrictions
The eou commands apply only to NAC Framework sessions.
Detailed Steps
Follow these steps to enable clientless authentication for a NAC Framework configuration:
Step 1
  Command: global
  Purpose: Switches to global configuration mode.

Step 2
  Command: eou allow {audit | clientless | none}
  Purpose: Enables clientless authentication for a NAC Framework configuration.
    audit uses an audit server to perform clientless authentication.
    clientless uses a Cisco Access Control Server to perform clientless authentication.
    none disables clientless authentication.
  Example:
    hostname(config)# eou allow audit
    hostname(config)#
  The example shows how to configure the ASA to use an audit server to perform clientless
  authentication.

Step 3
  Command: [no] eou allow {audit | clientless | none}
  Purpose: Removes the command from the configuration.
  Example:
    hostname(config)# no eou allow audit
    hostname(config)#
  The example disables the use of an audit server.

Changing the Login Credentials Used for Clientless Authentication
When clientless authentication is enabled and the ASA fails to receive a response to a validation request
from the remote host, it sends a clientless authentication request on behalf of the remote host to the
Access Control Server. The request includes the login credentials that match those configured for
clientless authentication on the Access Control Server. The default username and password for clientless
authentication on the ASA match the default username and password on the Access Control Server;
the default username and password are both “clientless.”
Prerequisites
If you change these values on the Access Control Server, you must also do so on the ASA.
Detailed Steps
Enter the following to change the username used for clientless authentication:
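Added example, not part of the Cisco guide: a Python check that replays the eou allow lines of a saved configuration and flags the case where Access Control Server clientless authentication is in effect, which is where the default "clientless" credentials matter. The function names and sample configurations are constructed for illustration, and the result of the no form is reported as unknown because the page states only that it removes the command.

```python
import re

# Modes listed on the page; its default configuration contains "eou allow clientless".
DEFAULT_MODE = "clientless"
EOU_ALLOW = re.compile(r"^\s*(no\s+)?eou\s+allow\s+(audit|clientless|none)\s*$")

def effective_eou_allow(config_text):
    """Replay eou allow lines in order; return (mode, source)."""
    mode, source = DEFAULT_MODE, "default"
    for line in config_text.splitlines():
        m = EOU_ALLOW.match(line)
        if not m:
            continue
        negated, value = bool(m.group(1)), m.group(2)
        if not negated:
            mode, source = value, "explicit"
        elif mode == value:
            # The page says only that the no form removes the command, so the
            # resulting behaviour is reported as unknown rather than guessed.
            mode, source = None, "removed"
    return mode, source

def review(config_text):
    """Return (severity, message) for the clientless authentication setting."""
    mode, source = effective_eou_allow(config_text)
    if mode == "clientless":
        return ("review", f"ACS clientless authentication is on ({source}); confirm the "
                "username and password are no longer the default 'clientless' on "
                "both the Access Control Server and the ASA.")
    if mode == "audit":
        return ("info", "An audit server performs clientless authentication.")
    if mode == "none":
        return ("info", "Clientless authentication is disabled.")
    return ("review", "eou allow was removed with the no form; check the setting on the device.")

# Constructed sample configurations (not captured from a real ASA).
SAMPLES = {
    "untouched": "hostname asa-example\n",
    "audit": "hostname asa-example\neou allow audit\n",
    "removed": "eou allow audit\nno eou allow audit\n",
    "disabled": "eou allow none\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, effective_eou_allow(text), review(text)[0])
```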