Cisco Systems 4.2 Server User Manual


 
9-14
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 3: Set Up System Configuration
Step 8 Check the Accept client on authenticated provisioning and Require client certificate for
provisioning check boxes.
Step 9 Check the check boxes for the EAP-GTC, EAP-MSCHAPv2, and EAP-TLS inner methods.
The EAP-FAST Master Server check box is automatically checked (enabled).
Check the Certificate SAN and Certificate Binary comparison check boxes to enable these EAP-TLS
comparison methods.
Step 10 Click Submit + Restart.
Configure the Logging Level
To set ACS to full logging capabilities:
Step 1 In the navigation bar, click System Configuration.
The System Configuration page opens.
Step 2 Click Service Control.
Step 3 Under Level of Detail, click the Full radio button.
Note Setting the logging level to Full might affect system performance. Therefore, you should set the
logging level to Full for an initial deployment when detailed troubleshooting is required. After
the network has become stable, set the logging level to Normal.
Step 4 Check the Manage Directory check box and choose how many days of logging to keep. (Enter the
number of days, based on how much space you have on your hard drive. Cisco recommends that you
specify seven days.)
Step 5 Click Restart to restart ACS. (Wait until the browser’s progress bar shows that the page has
reloaded completely.)
Configure Logs and Reports
ACS logs records of users who gain or are refused network access, as well as records of other actions.
You can output the information in the logs to reports that you view in the ACS GUI, which you can then
save or print out and review. These reports summarize the logs, and provide useful information for
debugging and tracking problems.
For detailed information on ACS logs and reports, see Chapter 10 of the User Guide for Cisco Secure
ACS 4.2, “Logs and Reports.”
The Failed Attempts report and the RADIUS Accounting report are useful tools for monitoring the
performance of the NAC/NAP network. The Passed Authentications report is particularly useful in
NAC-enabled networks because it shows the group mapping for each posture validation request. By
default, the Passed Authentications report is unchecked (disabled).