Chapter 4 Common Scenarios Using ACS

Agentless Network Access

c. Select Network Access, and check Identity and Authorization. The group mapping and External Policy options are optional.

d. Make sure you select Process Host Lookup.

If you want ACS to detect PAP or EAP-MD5 authentications for MAC addresses (see PAP/EAP-MD5 Authentication, page 4-15) and process them as Host Lookup requests (for example, MAB requests), complete the following steps:

e. Select one of the ACS supported protocols for MAB in the Allowed Protocols Page (EAP-MD5 or PAP).

f. Check Detect PAP/EAP-MD5 as Host Lookup.

Related Topics

Managing Access Policies, page 10-1

Authentication in ACS 5.3, page B-1

Authentication with Call Check, page 4-14

Process Service-Type Call Check, page 4-15

Configuring an Identity Policy for Host Lookup Requests

To configure an identity policy for Host Lookup requests:

Step 1 Choose Access Policies > Access Services > <access_servicename> Identity.

See Viewing Identity Policies, page 10-21, for details.

Step 2 Select Customize to customize the authorization policy conditions.

A list of conditions appears. This list includes identity attributes, system conditions, and custom conditions. See Customizing a Policy, page 10-4, for more information.

Step 3 Select Use Case from the Available customized conditions and move it to the Selected conditions.

Step 4 In the Identity Policy Page, click Create.

a. Enter a Name for the rule.

b. In the Conditions area, check Use Case, then check whether the value should or should not match.

c. Select Host Lookup and click OK.

This attribute selection ensures that while processing the access request, ACS will look for the host and not for an IP address.

d. Select any of the identity stores that support host lookup as your Identity Source.

e. Click OK.

Step 5 Click Save Changes.
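Which requests a rule with Use Case set to Host Lookup will match depends on the Process Host Lookup and Detect PAP/EAP-MD5 as Host Lookup options chosen for the access service. The sketch below is an added example, not Cisco code: it models that classification so you can reason about which requests reach the rule. Assumptions: Call Check requests carry Service-Type 10 with the MAC address in Calling-Station-Id, PAP/EAP-MD5 MAB requests carry the MAC address in both User-Name and Calling-Station-Id, and the `auth` key, function names and sample requests are constructed for illustration.

```python
import re

CALL_CHECK = 10  # RADIUS Service-Type value "Call Check" (RFC 2865)
_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address."""
    if not value:
        return None
    digits = re.sub(r"[-:.]", "", value.strip().lower())
    return digits if _HEX12.match(digits) else None

def use_case(request, process_host_lookup=True, detect_pap_eapmd5=False):
    """Classify a request (dict of RADIUS attributes) under the assumed rules.

    Returns "Host Lookup" or None (handled as a regular authentication).
    """
    if not process_host_lookup:
        return None
    mac = normalize_mac(request.get("Calling-Station-Id"))
    if mac is None:
        return None
    # Assumed Call Check detection: Service-Type 10 plus a MAC in Calling-Station-Id.
    if request.get("Service-Type") == CALL_CHECK:
        return "Host Lookup"
    # Assumed PAP/EAP-MD5 detection: the "user name" is the calling MAC address.
    # "auth" is a constructed key naming the protocol the device used.
    if detect_pap_eapmd5 and request.get("auth") in ("PAP", "EAP-MD5"):
        if normalize_mac(request.get("User-Name")) == mac:
            return "Host Lookup"
    return None

# Constructed sample requests.
SAMPLES = [
    {"Service-Type": 10, "User-Name": "001122aabbcc",
     "Calling-Station-Id": "00-11-22-AA-BB-CC"},
    {"auth": "PAP", "User-Name": "0011.22aa.bbcc",
     "Calling-Station-Id": "00:11:22:AA:BB:CC"},
    {"auth": "PAP", "User-Name": "alice",
     "Calling-Station-Id": "00:11:22:AA:BB:CC"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req.get("User-Name"), "->", use_case(req, detect_pap_eapmd5=True))
```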

Related Topic

Managing Access Policies, page 10-1

 

 

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01