Filter
Top Products
6-23
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 6 Agentless Host Support Configuration Scenario
Basic Configuration Steps for Agentless Host Support
Step 7: Configure Logging and Reports
By default, the following information about MAB processing is logged to the CSAuth log file:
• The start of MAB request handling and what trigger is used to initiate MAB.
The format of this message is:
Performing Mac Authentication Bypass on <MAC_address>
where MAC_address is the MAC address that triggered the processing.
• User group mapping actions that indicate which MAC address in the authentication database was
mapped to what user group. The format of this message is:
<MAC_address> was (not) found in <DB_name> and mapped to <user_group> user-group
where MAC_address is the MAC address that was mapped, DB_name is the name of the database
that was used to match the MAC_address, and user_group is the name of the user group to which
the MAC address was mapped.
Note Because the results of MAC address lookup can influence the response that ACS returns to the NAD, the
success or failure of the MAC address lookup has an effect on the user group that is mapped to an access
request. Therefore, the MAC address lookup result might be listed in the Passed Authentications or
Failed attempts report.
Configuring Reports for MAB Processing
When you configure reports, you can add a new attribute called Bypass info to the Passed
Authentications and Failed Attempts reports.
To add this attribute:
Step 1 In the navigation bar, click System Configuration.
The System Configuration page opens.
Step 2 Click Logging.
The Logging Configuration page opens.
The Logging Configuration page shows three columns of ACS reports: CSV, ODBC, and syslog.
Step 3 To add the Bypass attribute to a specified report:
a. Click Configure under the report type for one of the reports that you want to modify; for example,
click the CSV report for the Passed Authentications report.
The Enable Logging page for the specified report opens.
b. Check the check box in the Enable Logging section.
c. In the Attributes column of the Select Columns to Log section, select the Bypass Info attribute.
d. Click the right arrow icon to move this attributed to the Logged Attributes column.
e. Select any other attributes that you want to log.
f. Set the other values on the Logging Configuration page as required.
g. Click Submit.