Cisco Clean Access 3.5
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 1 Introduction
Managing Users
The Clean Access Manager makes it easy to apply existing authentication mechanisms to users on the
network (Figure 1-3). When the Clean Access Server receives an HTTP request from the untrusted
network, it checks whether the request comes from an authenticated user. If not, a secure web login page
is presented to the user. The user submits his or her credentials securely through the web login page (or
Clean Access Agent, once downloaded). The login credentials can be authenticated by the CAM itself
(for local user testing) or by an external authentication server, such as LDAP, RADIUS, Kerberos, or
Windows NT. Before deploying the solution to a production environment, you can customize the web
login page by modifying the labels, descriptions, and logo that appear on the page.
Figure 1-3 Authentication Path
You can apply Cisco Clean Access vulnerability assessment and remediation to authenticated users by
configuring network port scanning and/or Clean Access Agent scanning requirements (via the Clean
Access module of the web admin console).
With IP-based and host-based traffic policies, you can control the resources users can access on the
network before and after authentication, during Clean Access vulnerability assessment, and after a user
device is certified as “clean.”
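The per-stage access control described above can be modelled as a small state machine with a default-deny policy lookup. This is an added sketch, not Cisco code or Clean Access configuration syntax; the state names, the `decide` and `next_state` functions, and all host names and networks are constructed for illustration. It assumes scanning is configured, so a successful login leads to an assessment stage.

```python
import ipaddress
from enum import Enum

class State(Enum):
    UNAUTHENTICATED = 1   # before login
    ASSESSMENT = 2        # logged in, scan or remediation pending
    CLEAN = 3             # device certified as clean

# Constructed sample policies (not Cisco defaults): default deny, with
# per-state allow lists of destination networks (IP-based) and host
# names (host-based).
POLICY = {
    State.UNAUTHENTICATED: {"nets": [], "hosts": {"login.example.test"}},
    State.ASSESSMENT: {"nets": ["192.0.2.0/28"],
                       "hosts": {"login.example.test", "patches.example.test"}},
    State.CLEAN: {"nets": ["10.0.0.0/8", "192.0.2.0/24"], "hosts": set()},
}

def decide(state, dest_ip, dest_host=None, is_http=False):
    """Return 'allow', 'redirect_login' or 'deny' for one outbound request."""
    rules = POLICY[state]
    addr = ipaddress.ip_address(dest_ip)
    if any(addr in ipaddress.ip_network(n) for n in rules["nets"]):
        return "allow"
    if dest_host and dest_host.lower().rstrip(".") in rules["hosts"]:
        return "allow"
    # Unauthenticated HTTP is answered with the login page, not dropped.
    if state is State.UNAUTHENTICATED and is_http:
        return "redirect_login"
    return "deny"

def next_state(state, event):
    """Advance a session; unknown or out-of-order events change nothing."""
    transitions = {
        (State.UNAUTHENTICATED, "login_ok"): State.ASSESSMENT,
        (State.ASSESSMENT, "certified"): State.CLEAN,
        (State.ASSESSMENT, "logout"): State.UNAUTHENTICATED,
        (State.CLEAN, "logout"): State.UNAUTHENTICATED,
    }
    return transitions.get((state, event), state)
```

Because out-of-order events leave the state unchanged, a device cannot reach the clean policy without first passing through login and assessment.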
Finally, you can monitor user activity from the web console through the Online Users page (for L2 and
L3 deployments) and the Certified Devices List (L2 deployments only).
Installation Requirements
The Clean Access Manager is available as software that can be installed on the certified hardware
platform of your choice. Refer to the following documents for details on minimum system requirements:
• Certified Hardware and System Requirements for Cisco Clean Access:
• Release Notes for Cisco Clean Access, Version 3.5(x):
[Figure 1-3, Authentication Path. Labels in the figure: user login (user: jsmits, password: *****), Clean Access Server, Clean Access Manager, user list with local users and external users, authentication sources (e.g., LDAP, Kerberos).]