IBM Tivoli and Cisco Network Card User Manual


 
60 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Quarantine
Infected
Unknown
Posture notification (3f)
After Cisco Secure ACS has determined the system posture token, it performs these actions:
a. Cisco Secure ACS sends the system posture token to the network client.
b. Cisco Secure ACS sends the network client the action to be taken. That
action results from the client being assigned to a group that complies with
a particular policy level. If a customer uses the IBM Integrated Security
Solution for Cisco Networks with Configuration Manager integration and
the client is assigned the token "quarantine," the results parameter is the
remediation URL pointing to the Configuration Manager server.
c. Cisco Secure ACS sends the NAD the RADIUS attributes configured in the
mapped user group, including the ACLs or RACs required by the network
access policy and any attribute-value pairs. The optional user
notification can be used to display a meaningful message to the client that
corresponds to the posture token assigned to it. The access that is
applied is whatever the organization's network access policy defines for
that group and token.
d. When the Cisco Secure ACS sends the system posture token to the
NAC-client computer, the ACS ends the PEAP session with the client.
e. Cisco Secure ACS logs the results of the posture validation request.
Network policy enforcement (3g)
The NAD enforces network access as dictated by Cisco Secure ACS in its
RADIUS response. By configuring group mapping, you define authorizations,
and therefore network access control, based on the system posture token
determined by posture evaluation.
To fully control what resources users can access under all conditions, a
mapping of default user groups, posture tokens, and access restrictions is
specified in ACS. In general, each user is assigned to a default user group
based on authentication. Each user group is mapped to several posture
tokens, and each combination of user group and posture token can be
assigned either a RADIUS Authorization Component (RAC) or a downloadable
IP ACL. Any combination the mapping does not cover should fall through to a
deny or quarantine authorization rather than to unrestricted access.
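The posture notification steps (3f) and the enforcement mapping (3g) above describe one decision the ACS makes: derive the system posture token, look up the (user group, token) combination, and return the matching RADIUS attributes, including the remediation URL when the token is quarantine. The following Python model is an added example written for this page; it is not code from the Redbook, from Cisco Secure ACS, or from the IBM product. The group names, ACL and RAC names, the remediation URL and the sample posture results are constructed, and the cisco-av-pair strings follow the shape Cisco uses but are shown as illustrative assumptions rather than the exact wire format. The token ordering (Healthy best through Unknown worst, with the system token being the worst application token) is Cisco NAC's; the example goes beyond the text by also handling an empty or unrecognised posture result and a combination missing from the policy table.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Cisco NAC posture tokens, ordered best to worst.
TOKENS = ["Healthy", "Checkup", "Transition", "Quarantine", "Infected", "Unknown"]
RANK = {t: i for i, t in enumerate(TOKENS)}


def system_posture_token(app_tokens: List[str]) -> str:
    """Derive the system posture token (SPT) from the application posture
    tokens (APTs): the SPT is the worst APT. No result, or a token value the
    ACS does not recognise, is treated as Unknown so that a broken or missing
    posture exchange never yields Healthy access by accident."""
    if not app_tokens:
        return "Unknown"
    worst = "Healthy"
    for token in app_tokens:
        if token not in RANK:
            return "Unknown"
        if RANK[token] > RANK[worst]:
            worst = token
    return worst


@dataclass
class Authorization:
    """What the ACS returns for one (group, token) combination."""
    dacl: Optional[str] = None          # downloadable IP ACL name
    rac: Optional[str] = None           # RADIUS Authorization Component name
    url_redirect: Optional[str] = None  # remediation URL (Configuration Manager)
    message: str = ""                   # optional user notification


# Hypothetical Configuration Manager remediation URL (assumption).
REMEDIATION = "https://cm.example.com/remediate"

# Group x token mapping. Group, ACL and RAC names are constructed.
POLICY: Dict[Tuple[str, str], Authorization] = {
    ("Employees", "Healthy"):    Authorization(dacl="Employees-Full", message="Access granted"),
    ("Employees", "Checkup"):    Authorization(dacl="Employees-Full", message="Updates recommended"),
    ("Employees", "Transition"): Authorization(dacl="Employees-Limited", message="Posture in progress"),
    ("Employees", "Quarantine"): Authorization(dacl="Quarantine-Only", url_redirect=REMEDIATION,
                                               message="Quarantined: remediate at the portal"),
    ("Employees", "Infected"):   Authorization(dacl="Deny-All", message="Contact the help desk"),
    ("Employees", "Unknown"):    Authorization(dacl="Quarantine-Only", url_redirect=REMEDIATION,
                                               message="Posture unknown: remediate"),
    ("Contractors", "Healthy"):  Authorization(rac="Contractor-VLAN", message="Access granted"),
    ("Contractors", "Quarantine"): Authorization(rac="Quarantine-VLAN", url_redirect=REMEDIATION,
                                                 message="Quarantined: remediate at the portal"),
}

# Fail closed: a combination the policy table does not cover gets no access.
DEFAULT_DENY = Authorization(dacl="Deny-All", message="No policy for this group and posture")


def authorize(group: str, app_tokens: List[str]) -> Tuple[str, Authorization]:
    """Steps 3f/3g in one place: compute the SPT, then map (group, SPT)."""
    spt = system_posture_token(app_tokens)
    return spt, POLICY.get((group, spt), DEFAULT_DENY)


def radius_reply(group: str, app_tokens: List[str]) -> List[Tuple[str, str]]:
    """Attributes the ACS would carry in its RADIUS response: the posture
    token for the client, the ACL or RAC for the NAD, the remediation URL on
    quarantine, and the user notification. Attribute syntax is illustrative."""
    spt, auth = authorize(group, app_tokens)
    attrs = [("cisco-av-pair", f"posture-token={spt}")]
    if auth.dacl:
        attrs.append(("cisco-av-pair", f"ACS:CiscoSecure-Defined-ACL={auth.dacl}"))
    if auth.rac:
        attrs.append(("RAC", auth.rac))
    if auth.url_redirect:
        attrs.append(("cisco-av-pair", f"url-redirect={auth.url_redirect}"))
    if auth.message:
        attrs.append(("Reply-Message", auth.message))
    return attrs


if __name__ == "__main__":
    # Constructed posture results: antivirus Healthy, OS patch level Quarantine.
    for group, apts in [("Employees", ["Healthy", "Quarantine"]),
                        ("Employees", []),
                        ("Contractors", ["Checkup"]),
                        ("Guests", ["Healthy"])]:
        print(group, apts, "->", radius_reply(group, apts))
```

The table deliberately leaves the Contractors group without a Checkup entry so the fail-closed path is exercised: a group that is only partially mapped, or a group the mapping never mentions at all, is denied rather than silently granted the NAD's default access. In a real ACS configuration the equivalent safeguard is making sure every default user group has a mapping for every token, including Unknown.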