Configuring The Unknown User Policy - Cisco 3.3 User Manual

Configuring the Unknown User Policy

Tip
Configuring the Unknown User Policy
Step 1
Step 2
Step 3
User Guide for Cisco Secure ACS for Windows Server
15-16
If you create a default NAC database, that is, a NAC database with no mandatory
credential types, be sure you list it below all other NAC databases.
Use this procedure to configure your Unknown User Policy.
Before You Begin
For information about the Configure the Unknown User Policy page, see
Unknown User Policy Options, page
To specify how Cisco Secure ACS processes unknown users, follow these steps:
In the navigation bar, click External User Databases, and then click Unknown
User Policy.
To deny unknown user authentication requests, select the Fail the attempt option.
Selecting the Fail the attempt option does not affect posture validation
Note
requests. Cisco Secure ACS always uses the Unknown User Policies for
posture validation.
To allow unknown user authentication, enable the Unknown User Policy. To do
so, follow these steps:
Select the Check the following external user databases option.
a.
For each database that you want Cisco Secure ACS to use for posture
b.
validation or unknown user authentication, select the database in the External
Databases list and click --> (right arrow button) to move it to the Selected
Databases list. To remove a database from the Selected Databases list, select
the database, and then click <-- (left arrow button) to move it back to the
External Databases list.
To assign the database search order, select a database from the Selected
c.
Databases list and click Up or Down to move it into the position you want.
Chapter 15
15-13.
Unknown User Policy
78-16592-01