4-19
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter4 Common Scenarios Using ACS
Agentless Network Access
c. Select Network Access, and check Identity and Authorization.
The group mapping and External Policy options are optional.
d. Make sure you select Process Host Lookup.
If you want ACS to detect PAP or EAP-MD5 authentications for MAC addresses (see
PAP/EAP-MD5 Authentication, page 4-15), and process it like it is a Host Lookup request (for
example, MAB requests), complete the following steps:
e. Select one of the ACS supported protocols for MAB in the Allowed Protocols Page (EAP-MD 5 or
PAP) .
f. Check Detect PAP/EAP-MD5 as Host Lookup.
Related Topics
Managing Access Policies, page 10-1
Authentication in ACS 5.4, pageB-1
Authentication with Call Check, page4-14
Process Service-Type Call Check, page4-15
Configuring an Identity Policy for Host Lookup Requests
To configure an identity policy for Host Lookup requests:
Step1 Choose Access Policies > Access Services > <access_servicename> Identity.
See Viewing Identity Policies, page10-22, for details.
Step2 Select Customize to customize the authorization policy conditions.
A list of conditions appears. This list includes identity attributes, system conditions, and custom
conditions. See Customizing a Policy, page 10-4, for more information.
Step3 Select Use Case from the Avai la b l e customized conditions and move it to the Selected conditions.
Step4 In the Identity Policy Page, click Create.
a. Enter a Name for the rule.
b. In the Conditions area, check Use Case, then check whether the value should or should not match.
c. Select Host Lookup and click OK.
This attribute selection ensures that while processing the access request, ACS will look for the host
and not for an IP address.
d. Select any of the identity stores that support host lookup as your Identity Source.
e. Click OK.
Step5 Click Save Changes.
Related Topic
Managing Access Policies, page 10-1