Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 4 Common Scenarios Using ACS
A default Local Server Certificate is installed on ACS so that you can connect to ACS with your browser.
The default certificate is a self-signed certificate and cannot be modified during installation.
Related Topics
Using Certificates in ACS, page 4-10
Configuring Local Server Certificates, page 18-14
Validating an LDAP Secure Authentication Connection
You can define a secure authentication connection for the LDAP external identity store by using a CA
certificate to validate the connection.
To validate an LDAP secure authentication connection using a certificate:
Step 1 Configure an LDAP external identity store. See Creating External LDAP Identity Stores, page 8-26.
Step 2 In the LDAP Server Connection page, check Use Secure Authentication.
Step 3 Select Root CA from the drop-down menu and continue with the LDAP configuration for ACS.
Related Topics
Using Certificates in ACS, page 4-10
Configuring Local Server Certificates, page 18-14
Managing External Identity Stores, page 8-22
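Added example (not part of the Cisco guide): the secure connection can only validate if the Root CA selected in Step 3 is the root that the LDAP server's certificate chains to. The script below checks that relationship offline with openssl verify; the certificates, file names and helper functions are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the Cisco guide. File names, subject names and the
# helper functions are constructed for this demonstration.

# chain_ok ROOT_CA_PEM SERVER_CERT_PEM
# Succeeds only if the server certificate chains to the given root CA.
# -no-CApath keeps the default CA directory out of the decision.
chain_ok() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Minimal OpenSSL config so the demo does not depend on the system openssl.cnf.
write_cnf() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$1/min.cnf"
}

# make_ca DIR NAME: throwaway self-signed root CA (DIR/NAME.pem, DIR/NAME.key).
make_ca() {
    openssl req -x509 -config "$1/min.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed $2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server_cert DIR CA_NAME: stand-in LDAP server certificate issued by CA_NAME.
make_server_cert() {
    openssl req -config "$1/min.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/ldap.key" -out "$1/ldap.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/ldap.csr" -days 1 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/ldap.pem" 2>/dev/null
}

# demo: prints "<root>: OK|FAIL" for the issuing root and an unrelated root.
demo() {
    d=$(mktemp -d) || return 1
    write_cnf "$d" && make_ca "$d" issuing-root && make_ca "$d" other-root &&
        make_server_cert "$d" issuing-root || { rm -rf "$d"; return 1; }
    for ca in issuing-root other-root; do
        if chain_ok "$d/$ca.pem" "$d/ldap.pem"; then echo "$ca: OK"
        else echo "$ca: FAIL"; fi
    done
    rm -rf "$d"
}

demo
```

With real files, chain_ok takes the exported root CA certificate and the LDAP server's certificate, both in PEM format.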
Agentless Network Access
This section contains the following topics:
Overview of Agentless Network Access
Host Lookup
Agentless Network Access Flow
For more information about protocols used for network access, see Authentication in ACS 5.4, page B-1.
Overview of Agentless Network Access
Agentless network access refers to the mechanisms used to perform port-based authentication and
authorization in cases where the host device does not have the appropriate agent software.
Examples are a host device that has no 802.1x supplicant, or a host device on which the supplicant
is disabled.
802.1x must be enabled on the host device and on the switch to which the device connects. If a
host/device without an 802.1x supplicant attempts to connect to a port that is enabled for 802.1x, it will
be subjected to the default security policy.