Filter
Top Products
9-79
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 11 (Optional): Configure GAME Group Feedback
Enable GAME Group Feedback
To enable GAME group feedback:
Step 1 On the External Posture Validation Audit Server Setup page, in the GAME Group Feedback section,
check the Request Device Type from Audit Server check box.
If this check box is not available, define an audit-device type attribute for the vendor in the internal
ACS
dictionary.
ACS for Windows:
With ACS for Windows, you use the CSUtil command. For detailed information, see “Posture Validation
Attributes” in Appendix D of the User Guide for Cisco Secure ACS.
ACS Solution Engine:
With ACS Solution Engine, you use the NAC Attributes Management page in the web interface. See
“NAC Attribute Management (ACS Solution Engine Only)” in Chapter 8 of the User Guide for Cisco
Secure ACS for more information.
Step 2 If you want to configure a default destination group that ACS uses if the audit server does not return a
device type, check the Assign This Group if Audit Server Did not Return a Device-Type check box.
You should now add entries to the group assignment table. The group assignment table is a list of rules
that set conditions that determine the user group to which to assign a particular device type that the audit
server returns.
Step 3 Click Add to display the group assignment table and add a device-type feedback rule.
The group assignment table appears, as shown in Figure 9-59.
Figure 9-59 GAME Group Feedback Section with Group Assignment Table
Step 4 In the group assignment table, specify:
• User Group—Lists all user groups, including Any. The device type that the MAC authentication
returns is initially compared with this list of device types.
• Match Condition—Valid values for the operator are:
–
match-all
–
=
–
! =