Cisco Systems 4.2 Server User Manual


 
6-10
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 6 Agentless Host Support Configuration Scenario
Basic Configuration Steps for Agentless Host Support
Step 4: Configure LDAP Support for MAB
You can configure the ACS internal database to manage MAB used with the agentless host feature; however, if you have a large number of MAC addresses to process (for example, several thousand), it is more efficient to use an external LDAP database than to configure the MAC address mappings manually through the ACS GUI.
To configure LDAP support for MAB:
Step 1 Configure an external LDAP database for MAB support.
See Configure an External LDAP Database for MAB Support, page 6-10, for details.
Step 2 Create one or more LDAP database configurations in ACS.
See Create One or More LDAP Database Configurations in ACS, page 6-13, for details.
Configure an External LDAP Database for MAB Support
Configure one or more external LDAP databases for MAB support. In each LDAP database, create:
• Device records that describe the agentless hosts that ACS will authenticate.
• LDAP groups that define an LDAP schema to enable MAB for agentless host support.
Example 6-1 shows portions of a sample LDAP Data Interchange Format (LDIF) file that defines an LDAP database for agentless host support.
Example 6-1 Sample LDAP Schema for MAB Support
dn: ou=MAB Segment, o=mycorp
ou: MAB Segment
objectClass: top
objectClass: organizationalUnit
description: MAC Authentication Bypass Sub-Tree

dn: ou=MAC Addresses, ou=MAB Segment, o=mycorp
ou: MAC Addresses
objectClass: top
objectClass: organizationalUnit

dn: ou=MAC Groups, ou=MAB Segment, o=mycorp
ou: MAC Groups
objectClass: top
objectClass: organizationalUnit

dn: cn=user00-wxp.emea.mycorp.com,ou=MAC Addresses, ou=MAB Segment, o=mycorp
ipHostNumber: 10.56.60.100
objectClass: top
objectClass: ipHost
objectClass: ieee802Device
macAddress: 00:11:22:33:44:55
cn: user00-wxp.emea.mycorp.com

dn: cn=user11-wxp.emea.mycorp.com,ou=MAC Addresses, ou=MAB Segment, o=mycorp
ipHostNumber: 10.56.60.111
objectClass: top
objectClass: ipHost
objectClass: ieee802Device
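When the inventory runs to several thousand hosts, the device records are normally generated rather than typed. The following Python script is an added example, not Cisco's code: it emits ieee802Device records in the schema of Example 6-1 from a constructed inventory, normalizes the mixed MAC notations found in practice to the colon-separated form shown above, and rejects malformed or duplicate MAC addresses before they reach the directory (a MAC that maps to two records makes the MAB lookup ambiguous).

```python
# Added example (not Cisco's code): build LDIF device records in the schema of
# Example 6-1 from a constructed host inventory, normalizing MAC notation and
# rejecting malformed or duplicate MAC addresses before they reach the directory.
import ipaddress
import re

BASE_DN = "ou=MAC Addresses, ou=MAB Segment, o=mycorp"  # container DN from Example 6-1

# Constructed inventory: (hostname, ip, mac) in the mixed notations found in practice.
INVENTORY = [
    ("user00-wxp.emea.mycorp.com", "10.56.60.100", "00:11:22:33:44:55"),
    ("user11-wxp.emea.mycorp.com", "10.56.60.111", "0011.2233.4466"),    # Cisco dotted form
    ("printer01.emea.mycorp.com", "10.56.60.120", "00-11-22-33-44-77"),  # dashed form
    ("dup-host.emea.mycorp.com", "10.56.60.121", "001122334455"),        # same MAC as user00
    ("bad-host.emea.mycorp.com", "10.56.60.122", "00:11:22:33:44"),      # only 5 octets
]

def normalize_mac(mac):
    """Return the MAC as colon-separated lowercase hex (the form in Example 6-1), or None."""
    digits = re.sub(r"[.:-]", "", mac)
    if re.search(r"[^0-9a-fA-F.:-]", mac) or len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()

def build_mab_ldif(inventory, base_dn=BASE_DN):
    """Return (ldif_text, rejected); rejected lists (hostname, reason) pairs left out."""
    seen, entries, rejected = {}, [], []
    for host, ip, mac in inventory:
        norm = normalize_mac(mac)
        if norm is None:
            rejected.append((host, "malformed MAC %r" % mac))
            continue
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            rejected.append((host, "malformed IP %r" % ip))
            continue
        if norm in seen:  # one MAC must resolve to exactly one device record
            rejected.append((host, "duplicate of %s (%s)" % (seen[norm], norm)))
            continue
        seen[norm] = host
        entries.append("\n".join([
            "dn: cn=%s,%s" % (host, base_dn),
            "ipHostNumber: %s" % ip,
            "objectClass: top", "objectClass: ipHost", "objectClass: ieee802Device",
            "macAddress: %s" % norm,
            "cn: %s" % host]))
    return "\n\n".join(entries) + "\n", rejected
```

Review the rejected list before importing the LDIF; a duplicate usually means a stale inventory row rather than a real second device.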