Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 7: Configure Posture Validation for NAC
Configure an External Posture Validation Audit Server
A NAC-enabled network might include agentless hosts that do not have the NAC client software. ACS
can defer the posture validation of the agentless hosts to an audit server. The audit server determines the
posture credentials of a host without relying on the presence of a PA.
Configuring an external audit server involves two stages:
1. Adding the posture attribute to the ACS internal dictionary.
2. Configuring an external posture validation server (audit server).
Add the Posture Attribute to the ACS Dictionary
Before you can create an external posture validation server, you must add one or more vendor attributes
to the ACS internal data dictionary. To do this, you use the bin\CSUtil tool, which is located in the ACS
installation directory.
To add the posture attributes:
Step 1 Create a text file in the \Utils directory with the following format:
[attr#0]
vendor-id=[your vendor id]
vendor-name=[The name of your company]
application-id=6
application-name=Audit
attribute-id=00003
attribute-name=Dummy-attr
attribute-profile=out
attribute-type=unsigned integer
Your vendor ID should be the Internet Assigned Numbers Authority (IANA)-assigned number that is the
first section of the posture token attribute name, [vendor]:6:
Step 2 To install the attributes specified in the text file:
a. Open a DOS command window.
b. Enter the following command:
\<ACS_Install_Dir>\bin\CSUtil -addAVP [file_name]
where ACS_Install_Dir is the name of the ACS installation directory and file_name is the name of
the text file that contains vendor attributes.
Step 3 Restart the CSAdmin, CSLog, and CSAuth services.
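A pre-flight check of the Step 1 attribute file, run before the file is handed to CSUtil and the services are restarted. This is an added example, not part of the Cisco guide: the function name check_avp_file, the sample values (vendor ID 99999, ExampleCorp) and the rule that the three ID fields contain only digits are assumptions based on the sample file above.

```python
import configparser
import re

# Keys that appear in the manual's sample file from Step 1.
REQUIRED_KEYS = ("vendor-id", "vendor-name", "application-id", "application-name",
                 "attribute-id", "attribute-name", "attribute-profile", "attribute-type")
# Assumption: these fields are digits only, as in the manual's sample.
NUMERIC_KEYS = ("vendor-id", "application-id", "attribute-id")
SECTION_RE = re.compile(r"^attr#\d+$")

def check_avp_file(text):
    """Return a list of problems found in an attribute definition file."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key names exactly as written
    try:
        parser.read_string(text)
    except configparser.Error as exc:  # duplicate keys, text before a section, ...
        return [f"not parseable: {exc}"]
    problems = [] if parser.sections() else ["no [attr#n] section found"]
    for section in parser.sections():
        if not SECTION_RE.match(section):
            problems.append(f"[{section}]: section name is not attr#<number>")
        for key in REQUIRED_KEYS:
            value = parser[section].get(key, "").strip()
            if not value:
                problems.append(f"[{section}] {key}: missing or empty")
            elif value.startswith("[") and value.endswith("]"):
                problems.append(f"[{section}] {key}: placeholder not replaced")
            elif key in NUMERIC_KEYS and not (value.isascii() and value.isdigit()):
                problems.append(f"[{section}] {key}: expected digits, got {value!r}")
    return problems

# Constructed sample: vendor-id 99999 and the vendor name are made-up values.
FILLED = """[attr#0]
vendor-id=99999
vendor-name=ExampleCorp
application-id=6
application-name=Audit
attribute-id=00003
attribute-name=Dummy-attr
attribute-profile=out
attribute-type=unsigned integer
"""
# The same file with the manual's vendor-id placeholder left in.
TEMPLATE = FILLED.replace("99999", "[your vendor id]")

if __name__ == "__main__":
    for name, text in (("filled", FILLED), ("template", TEMPLATE)):
        print(name, check_avp_file(text) or "OK")
```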