Cisco Cisco NAC Appliance 4.1.0

Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide

OL-12214-01

User Management: Configuring Auth Servers

This chapter describes how to set up external authentication sources, configure Active Directory Single
Sign-On (SSO), VLAN ID or attribute-based auth server mapping rules, and RADIUS accounting.
Topics are as follows:

•

Overview, page 7-1

•

Adding an Authentication Provider, page 7-4

•

Configuring Authentication Cache Timeout (Optional), page 7-14

•

Authenticating Against Backend Active Directory, page 7-15

•

Map Users to Roles Using Attributes or VLAN IDs, page 7-17

•

Auth Test, page 7-25

•

RADIUS Accounting, page 7-27

For details on AD SSO, see

Chapter 8, “Configuring Active Directory Single Sign-On (AD SSO).”

For details on creating and configuring the web user login page, see

Chapter 5, “Configuring User Login

Page and Guest Access.”

For details on configuring user roles and local users, see

Chapter 6, “User Management: Configuring

User Roles and Local Users.”

For details on configuring traffic policies for user roles, see

Chapter 9, “User Management: Traffic

Control, Bandwidth, Schedule.”

Overview

By connecting the Clean Access Manager to external authentication sources, you can use existing user
data to authenticate users in the untrusted network. Cisco NAC Appliance supports several
authentication provider types for the following two cases:

•

When you want to work with an existing backend authentication server(s)

•

When you want to enable any of the transparent authentication mechanisms provided by Cisco NAC
Appliance

Working with Existing Backend Authentication Servers

When working with existing backend authentication servers, Cisco supports the following authentication
protocol types:

•

Kerberos