Cisco Cisco Clean Access 3.5

C H A P T E R

6-1

Cisco Clean Access Manager Installation and Administration Guide

OL-7044-01

User Management: Auth Servers

This chapter describes how to set up external authentication sources, VLAN ID or attribute-based auth
server mapping rules, and RADIUS accounting. Topics are as follows:

•

Overview, page 6-1

•

Configure an Authentication Provider, page 6-4

•

Authenticating Against Active Directory, page 6-16

•

Map Users to Roles Using Attributes or VLAN IDs, page 6-18

•

Test User Authentication, page 6-25

•

RADIUS Accounting, page 6-26

For details on configuring user roles and local users, see

Chapter 5, “User Management: User Roles.”

For details on creating and configuring the web user login page, see

Chapter 7, “User Pages and Guest

Access.”

For details on configuring traffic policies for user roles, see

Chapter 8, “User Management: Traffic

Control, Bandwidth, Schedule.”

Overview

By connecting the Clean Access Manager to external authentication sources, you can use existing user
data to authenticate users in the untrusted network. Cisco Clean Access supports several authentication
provider types for the following two cases:

•

When you want to work with an existing backend authentication server(s)

•

When you want to enable any of the transparent authentication mechanisms provided by Cisco Clean
Access

Working with Existing Backend Authentication Servers

When working with existing backend authentication servers, Cisco supports the following authentication
protocol types:

•

Kerberos

•

RADIUS (Remote Authentication Dial-In User Service)

•

Windows NT (NTLM Auth Server)

•

LDAP (Lightweight Directory Access Protocol)