Cisco Systems OL-24201-01 manual Leveraging Cisco NAC Profiler as an External MAB Database

Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Viewing LDAP Attributes

Use this page to view the external LDAP attributes.

Step 1 Select Users and Identity Stores > External Identity Stores > LDAP.

Step 2 Check the check box next to the LDAP identity store whose attributes you want to view, click Edit, and then click the Directory Attributes tab.

Step 3 In the Name of example Subject to Select Attributes field, enter the name of an example object from which to retrieve attributes, then click Select.

For example, the object can be an user and the name of the object could either be the username or the user’s DN.

Step 4 Complete the fields as described in Table 8-9

Policy Condition Name (Optional) Specify the name of the custom condition for this attribute. This condition will be available for selection when customizing conditions in a policy.

Step 5 Click Add and the information you entered is added to the fields on the screen.

The attributes listed here are available for policy conditions.

Step 6 Click Submit to save your changes.

Leveraging Cisco NAC Profiler as an External MAB Database

ACS communicates with Cisco NAC Profiler to enable non-802.1X-capable devices to authenticate in 802.1X-enabled networks. Endpoints that are unable to authenticate through 802.1X use the MAC Authentication Bypass (MAB) feature in switches to connect to an 802.1X-enabled network.

Typically, non-user-attached devices such as printers, fax machines, IP phones, and Uninterruptible Power Supplies (UPSs) are not equipped with an 802.1x supplicant.