IBM Tivoli and Cisco manual Configuring NAC Framework components


7.1 Configuring NAC Framework components

This section focuses on the deployment of NAC Framework. NAC Framework can be deployed as NAC L3 IP, NAC L2 IP, or NAC L2 802.1x.

- Configure the Cisco Secure ACS for NAC L2 802.1x.
- Configure the Cisco Secure ACS for L2/L3 IP NAC.
- Deploy the network infrastructure (authenticator).
- Configure a Cisco 3750 switch with Cisco IOS software as a Network Access Device.

7.1.1 Configuring the Cisco Secure ACS for NAC L2 802.1x

Cisco Secure ACS is required to perform the NAC authentication server role and to check whether clients violate the deployed security policy.

The following steps detail the installation (where required) and configuration of the individual components that comprise the NAC feature:

1. Installing Cisco Secure ACS
2. Configuring the administrative interface to Cisco Secure ACS
3. Allowing administrator access via HTTP (optional)
4. Cisco Secure ACS certificate setup
5. Using an ACS self-signed certificate
6. Importing IBM Security Compliance Manager attributes
7. Configuring logging
8. Configuring a network device group in Cisco Secure ACS
9. Configuring RADIUS attributes
10. Configuring groups
11. Configuring users
12. Global authentication setup
13. Configuring posture validation
14. Configuring RADIUS Authorization Components
15. Configuring Network Access Profiles
16. Configuring external user databases
17. Unknown user policy
18. Clientless user

The User Guide for Cisco Secure ACS for Windows 4.0 is available at (requires CCO login):

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_user_guide_book09186a0080533dd8.html

214 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
