Table of Contents
Advertisement
7.1 Configuring NAC Framework components
This section focuses on the deployment of NAC Framework. NAC Framework
can be deployed as NAC L3 IP, NAC L2 IP, or NAC L2 802.1x.
Configure the Cisco Secure ACS for NAC L2 802.1x.
Configure the Cisco Secure ACS for L2/L3 IP NAC.
Deploy the network infrastructure (authenticator).
Configure a Cisco 3750 switch with Cisco IOS software as a Network Access
Device.
7.1.1 Configuring the Cisco Secure ACS for NAC L2 802.1x
Cisco Secure ACS is required to perform the NAC authentication server role and
checking whether or not clients contain any violations to the deployed security
policy.
The following steps detail the installation (where required) and configuration of
the individual components that comprise the NAC feature:
1. Installing Cisco Secure ACS
2. Configuring the administrative interface to Cisco Secure ACS
3. Allowing administrator access via HTTP (optional)
4. Cisco Secure ACS certificate setup
5. Using an ACS self-signed certificate
6. Importing IBM Security Compliance Manager attributes
7. Configuring logging
8. Configuring a network device group in Cisco Secure ACS
9. Configuring RADIUS attributes
10.Configuring groups
11.Configuring users
12.Global authentication setup
13.Configuring posture validation
14.Configuring RADIUS Authorization Components
15.Configuring Network Access Profiles
16.Configuring external user databases
17.Unknown user policy
18.Clientless user
The User Guide for Cisco Secure ACS for Windows 4.0 documentation can be
found at (requires CCO login):
http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_user_
guide_book09186a0080533dd8.html
214
Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Advertisement
Table of Contents
