Cisco NAC Appliance 4.8.0 Troubleshooting Guide

 
Document ID: 91562 
Introduction  
This document describes how to use the Lightweight Directory Access Protocol (LDAP) mapping feature to map users to 
certain roles in Network Admission Control (NAC) Appliance or Cisco Clean Access (CCA). 
Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed NAC product that uses the network infrastructure to 
enforce security policy compliance on all devices that seek to access network computing resources. With NAC Appliance, 
network administrators can authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their 
machines before network access. It identifies whether networked devices such as laptops, IP phones, or game consoles are 
compliant with your network's security policies and repairs any vulnerabilities before permitting access to the network. 
Prerequisites  
Requirements  
This document assumes that CCA Manager, CCA Server and LDAP Server are installed and work properly.  
Components Used  
The information in this document is based on these software and hardware versions:  
Cisco NAC Appliance 3300 Series - Clean Access Manager 4.0 
Cisco NAC Appliance 3300 Series - Clean Access Server 4.0 
The information in this document was created from the devices in a specific lab environment. All of the devices used in this 
document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential 
impact of any command. 
Conventions  
Refer to Cisco Technical Tips Conventions for more information on document conventions. 
Authentication Against Backend Active Directory  
Several types of authentication providers in the Clean Access Manager can be used to authenticate users against an Active 
Directory (AD) server, Microsoft's proprietary directory service. These include Windows NT (NTLM), Kerberos, and LDAP 
(preferred). 
If you use LDAP to connect to the AD, the Search(Admin) Full distinguished name (DN) typically has to be set to the DN of an 
account with either administrative privileges or basic user privileges. The first common name (CN) entry should be an 
administrator of the AD, or a user with read privileges. Note that the search filter, sAMAccountName, is the user login name in 
the default AD schema. 
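The following sketch is an added example, not Cisco's code or part of the original document: it checks the shape of a Search(Admin) Full DN and builds the sAMAccountName search filter with RFC 4515 escaping, so that a login name is always treated as data and never as filter syntax. The function names are hypothetical, and the DN, account name and domain are constructed sample values.

```python
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name character by character (no double escaping)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login, attribute="sAMAccountName"):
    """Return the filter that matches exactly one login name."""
    if not login:
        raise ValueError("empty login name")
    return f"({attribute}={escape_filter_value(login)})"


def split_dn(dn):
    """Split a DN into (type, value) pairs, honouring backslash-escaped commas.

    Simplification: multi-valued RDNs ("+") and an escaped backslash directly
    before a comma are not handled.
    """
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, val = rdn.strip().partition("=")
        if not sep or not attr.strip() or not val.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().upper(), val.strip()))
    return rdns


def check_search_dn(dn):
    """Summarise a Search(Admin) Full DN: bind account (first CN) and AD domain."""
    rdns = split_dn(dn)
    if rdns[0][0] != "CN":
        raise ValueError("Search DN should start with the CN of the bind account")
    domain = ".".join(val for typ, val in rdns if typ == "DC")
    if not domain:
        raise ValueError("Search DN has no DC components")
    return {"account": rdns[0][1], "domain": domain}


if __name__ == "__main__":
    # Constructed sample values: a read-only service account in example.com.
    print(check_search_dn("CN=svc-nac-read,CN=Users,DC=example,DC=com"))
    print(build_user_filter("jdoe"))
```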
Contents 
Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Authentication Against Backend Active Directory
      AD/LDAP Configuration Example
Map Users to Roles Using Attributes or VLAN IDs
      Configure Mapping Rule
      Edit Mapping Rules
Troubleshoot
Cisco Support Community - Featured Conversations
Related Information