Cisco Systems CSACS3415K9 Manual De Usuario
8-34
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Viewing LDAP Attributes
Use this page to view the external LDAP attributes.
Step 1
Select Users and Identity Stores > External Identity Stores > LDAP.
Step 2
Check the check box next to the LDAP identity store whose attributes you want to view, click Edit, and
then click the Directory Attributes tab.
then click the Directory Attributes tab.
Step 3
In the Name of example Subject to Select Attributes field, enter the name of an example object from
which to retrieve attributes, then click Select.
which to retrieve attributes, then click Select.
For example, the object can be an user and the name of the object could either be the username or the
user’s DN.
user’s DN.
Step 4
Step 5
Click Add and the information you entered is added to the fields on the screen.
The attributes listed here are available for policy conditions.
Step 6
Click Submit to save your changes.
Leveraging Cisco NAC Profiler as an External MAB Database
ACS communicates with Cisco NAC Profiler to enable non-802.1X-capable devices to authenticate in
802.1X-enabled networks. Endpoints that are unable to authenticate through 802.1X use the MAC
Authentication Bypass (MAB) feature in switches to connect to an 802.1X-enabled network.
802.1X-enabled networks. Endpoints that are unable to authenticate through 802.1X use the MAC
Authentication Bypass (MAB) feature in switches to connect to an 802.1X-enabled network.
Typically, non-user-attached devices such as printers, fax machines, IP phones, and Uninterruptible
Power Supplies (UPSs) are not equipped with an 802.1x supplicant.
Power Supplies (UPSs) are not equipped with an 802.1x supplicant.
Table 8-9
LDAP: Attributes Page
Option
Description
Attribute Name
Type an attribute name that you want included in the list of available attributes for policy
conditions.
conditions.
Type
Select the type you want associated with the attribute name you entered in the Attribute Name field.
Default
Specify the default value you want associated with the attribute name you entered in the Attribute
Name field. If you do not specify a default value, no default is used.
Name field. If you do not specify a default value, no default is used.
When attributes are imported to the Attribute Name/Type/Default box via the Select button, these
default values are used:
default values are used:
•
String—Name of the attribute
•
Unsigned Integer 32
•
IP Address—This can be either an IPv4 or IPv6 address.
Policy Condition Name
(Optional) Specify the name of the custom condition for this attribute. This condition will be
available for selection when customizing conditions in a policy.
available for selection when customizing conditions in a policy.