The completed ruleset should look like Figure 7-100.

Figure 7-100 Untrusted → Trusted rule creation

11. Repeat steps 6 through 10 for the quarantine role and the temporary role. In this scenario, users utilizing CCA are placed in the temporary role if they are noncompliant. The quarantine role is used for users who do not pass a network scan, which is outside the scope of this guide.

Note: The rules used here are specific to our lab environment. Think carefully about what rules will need to be used in your own environment, such as DNS, DHCP, different subnets and hosts.

Creating local users

CAM can authenticate users using a variety of methods, such as RADIUS, LDAP, Active Directory SSO, and so on.

For the purposes of this book, we use local database authentication.

1. Click User Management → Local Users → New Local User.

332 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
