Cisco Systems OL-24201-01 Camera Accessories User Manual

Open as PDF

of 650

4-12

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01

Chapter 4 Common Scenarios Using ACS

Agentless Network Access

Validating an LDAP Secure Authentication Connection

You can define a secure authentication connection for the LDAP external identity store, by using a CA

certificate to validate the connection.

To validate an LDAP secure authentication connection using a certificate:

Step 1 Configure an LDAP external identity store. See Creating External LDAP Identity Stores, page 8-26.

Step 2 In the LDAP Server Connection page, check Use Secure Authentication.

Step 3 Select Root CA from the drop-down menu and continue with the LDAP configuration for ACS.

Related Topics

• Using Certificates in ACS, page 4-10

• Configuring Local Server Certificates, page 18-14

• Managing External Identity Stores, page 8-22

Agentless Network Access

This section contains the following topics:

• Overview of Agentless Network Access, page 4-12

• Host Lookup, page 4-13

• Agentless Network Access Flow, page 4-16

For more information about protocols used for network access, see Authentication in ACS 5.3, page B-1.

Overview of Agentless Network Access

Agentless network access refers to the mechanisms used to perform port-based authentication and

authorization in cases where the host device does not have the appropriate agent software.

For example, a host device, where there is no 802.1x supplicant or a host device, where the supplicant

is disabled.

802.1x must be enabled on the host device and on the switch to which the device connects. If a

host/device without an 802.1x supplicant attempts to connect to a port that is enabled for 802.1x, it will

be subjected to the default security policy.

The default security policy says that 802.1x authentication must succeed before access to the network is

granted. Therefore, by default, non-802.1x-capable devices cannot get access to an 802.1x-protected

network.

Although many devices increasingly support 802.1x, there will always be devices that require network

connectivity, but do not, or cannot, support 802.1x. Examples of such devices include network printers,

badge readers, and legacy servers. You must make some provision for these devices.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems OL-24201-01 Camera Accessories User Manual