Enabling And Disabling Clientless Authentication; Changing The Login Credentials Used For Clientless Authentication - Cisco PIX 500 Series Configuration Manual

Chapter 33
Configuring Network Admission Control

Enabling and Disabling Clientless Authentication

Enter the following command in global configuration mode to enable clientless authentication for a NAC Framework configuration:

[no] eou allow {audit | clientless | none}

audit uses an audit server to perform clientless authentication.
clientless uses a Cisco Access Control Server to perform clientless authentication.
no removes the command from the configuration.
none disables clientless authentication.

The default configuration contains the eou allow clientless configuration.
The eou commands apply only to NAC Framework sessions.
Note
Clientless authentication is enabled by default.

The following example shows how to configure the security appliance to use an audit server to perform clientless authentication:

hostname(config)# eou allow audit
hostname(config)#

The following example shows how to disable the use of an audit server:

hostname(config)# no eou allow audit
hostname(config)#

Changing the Login Credentials Used for Clientless Authentication

When clientless authentication is enabled and the security appliance fails to receive a response to a validation request from the remote host, it sends a clientless authentication request on behalf of the remote host to the Access Control Server. The request includes the login credentials that match those configured for clientless authentication on the Access Control Server. The default username and password for clientless authentication on the security appliance match the default username and password on the Access Control Server; the default username and password are both "clientless". If you change these values on the Access Control Server, you must also do so on the security appliance.

Enter the following command in global configuration mode to change the username used for clientless authentication:

eou clientless username username

username must match the username configured on the Access Control Server to support clientless hosts. Enter 1 to 64 ASCII characters, excluding leading and trailing spaces, pound signs (#), question marks (?), quotation marks ("), asterisks (*), and angle brackets (< and >).

Enter the following command in global configuration mode to change the password used for clientless authentication:

eou clientless password password

password must match the password configured on the Access Control Server to support clientless hosts. Enter 4 to 32 ASCII characters.

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
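As an added example (not part of the Cisco guide), the following Python script audits saved configuration text for the settings described above: it works out the effective eou allow mode, flags the default "clientless" credentials while clientless authentication is enabled, and checks the username and password against the stated character and length rules. It assumes the configuration text contains the eou commands in the form shown on this page with cleartext values and that "no" on the active mode falls back to the default; the function names and the sample configuration are constructed for illustration.

```python
import re

DEFAULT_MODE = "clientless"     # page: clientless authentication is enabled by default
DEFAULT_CRED = "clientless"     # page: default username and password
BAD_USER_CHARS = set('#?"*<>')  # page: characters the username may not contain
ALLOW_RE = re.compile(r"(no\s+)?eou\s+allow\s+(audit|clientless|none)")
CRED_RE = re.compile(r"eou\s+clientless\s+(username|password)\s+(.+)")

def username_problems(name):
    """Check a username against the page's rules (1 to 64 ASCII characters)."""
    problems = []
    if not 1 <= len(name) <= 64:
        problems.append("length must be 1 to 64")
    if not name.isascii():
        problems.append("non-ASCII character")
    if name != name.strip(" "):
        problems.append("leading or trailing space")
    if BAD_USER_CHARS & set(name):
        problems.append('contains one of # ? " * < >')
    return problems

def password_problems(pw):  # page: 4 to 32 ASCII characters
    problems = [] if 4 <= len(pw) <= 32 else ["length must be 4 to 32"]
    return problems + ([] if pw.isascii() else ["non-ASCII character"])

def audit_eou(config_text):
    """Return (effective eou allow mode, findings) for saved configuration text."""
    mode, user, pw = DEFAULT_MODE, DEFAULT_CRED, DEFAULT_CRED
    for raw in config_text.splitlines():
        allow, cred = (rx.fullmatch(raw.strip()) for rx in (ALLOW_RE, CRED_RE))
        if allow and not allow.group(1):
            mode = allow.group(2)
        elif allow and allow.group(2) == mode:
            mode = DEFAULT_MODE  # assumption: "no" on the active mode restores the default
        elif cred and cred.group(1) == "username":
            user = cred.group(2)
        elif cred:
            pw = cred.group(2)
    findings = []
    if mode != "none":  # page: credentials are sent when clientless authentication is enabled
        findings += [f"default clientless {k} in use"
                     for k, v in (("username", user), ("password", pw)) if v == DEFAULT_CRED]
    findings += [f"username: {p}" for p in username_problems(user)]
    findings += [f"password: {p}" for p in password_problems(pw)]
    return mode, findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = "eou allow clientless\neou clientless username nac-guest\n"
print(audit_eou(SAMPLE))
```

Any credential flagged here has to be changed on the Access Control Server as well as on the security appliance, because the two must match.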
This manual is also suitable for: ASA 5500 Series