Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 11 (Optional): Configure GAME Group Feedback
Step 3 Restart ACS:
a. In the navigation bar, click System Configuration.
b. Click Service Control.
c. Click Restart.
Configure Database Support for Agentless Host Processing
The database that you use can be an external LDAP database (preferred) or the ACS internal database.
For information on configuring database support for agentless host processing, see Step 4: Configure LDAP Support for MAB, page 6-10.
Enable Posture Validation
You must enable posture validation in two places:
- The Global Authentication Page, as part of the configuration for PEAP.
- The EAP configuration section of the Protocols page for the NAP that enables agentless host support.
Configure an External Audit Server
For detailed instructions on configuring an external audit server, see Configure an External Posture Validation Audit Server, page 7-31.
Configure an External Posture Validation Audit Server
A NAC-enabled network might include agentless hosts that do not have the NAC client software. ACS
can defer the posture validation of the agentless hosts to an audit server. The audit server determines the
posture credentials of a host without relying on the presence of a PA.
Configuring an external audit server involves two stages:
- Adding the posture attribute to the ACS internal dictionary.
- Configuring an external posture validation server (audit server).
Add the Posture Attribute to the ACS Dictionary
Before you can create an external posture validation server, you must add one or more vendor attributes
to the ACS internal data dictionary. To do this, you use the bin\CSUtil tool, which is located in the ACS
installation directory.