Cisco Systems 4.2 Server User Manual


 
6-3
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 6 Agentless Host Support Configuration Scenario
GAME group feedback provides an added security check for MAC address authentication by checking
the device type categorization that ACS determines by associating a MAC address with a user group
against information stored in a database on an audit server.
To use the GAME group feedback feature, you must add a NAC attribute-value pair to the ACS RADIUS
dictionary before configuring a posture validation policy that uses GAME group feedback.
You then configure a posture validation policy in a NAP that requests device type authentication from
the audit server. For details on configuring posture validation, see Enable Posture Validation, page 7-46.
The detailed steps for configuring GAME group feedback are described in Enable GAME Group
Feedback, page 7-46 in Chapter 9, “NAC Configuration Scenario.”
Summary of Configuration Steps
To configure agentless host support in ACS:
Step 1 Install ACS for Windows or ACS Solution Engine (ACS SE).
See Step 1: Install ACS, page 6-4 for details.
Step 2 Configure a RADIUS AAA client.
See Step 2: Configure a RADIUS AAA Client, page 6-5 for details.
Configure restrictions on the admin user password.
Step 3 Install and set up an ACS security certificate:
Note: This step is required to enable posture validation and Network Access Profiles.
a. Obtain certificates and copy them to the ACS host.
b. Run the Windows certificate import wizard to install the certificate.
c. Enable security certificates on the ACS installation.
d. Install the CA certificate.
e. Add a trusted certificate.
See Step 3: Install and Set Up an ACS Security Certificate, page 6-6 for details.
Step 4 Configure LDAP support for MAB:
a. Configure an external LDAP database for MAB support.
b. Create one or more LDAP database configurations in ACS.
See Step 4: Configure LDAP Support for MAB, page 6-10 for details.
Step 5 Configure user groups for MAB segments.
See Step 5: Configure User Groups for MAB Segments, page 6-17 for details.
Step 6 Enable agentless request processing:
a. Create a new Network Access Profile.
b. Enable agentless host processing for the profile.
c. Configure MAB.
See Step 6: Enable Agentless Request Processing, page 6-18 for details.