Cisco Systems OL-24201-01 Camera Accessories User Manual


 
4-19
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 4 Common Scenarios Using ACS
Agentless Network Access
c. Select Network Access, and check Identity and Authorization.
The group mapping and External Policy options are optional.
d. Make sure you select Process Host Lookup.
If you want ACS to detect PAP or EAP-MD5 authentications for MAC addresses (see
PAP/EAP-MD5 Authentication, page 4-15), and process it like it is a Host Lookup request (for
example, MAB requests), complete the following steps:
e. Select one of the ACS supported protocols for MAB in the Allowed Protocols Page (EAP-MD5 or
PAP).
f. Check Detect PAP/EAP-MD5 as Host Lookup.
Related Topics
Managing Access Policies, page 10-1
Authentication in ACS 5.3, page B-1
Authentication with Call Check, page 4-14
Process Service-Type Call Check, page 4-15
Configuring an Identity Policy for Host Lookup Requests
To configure an identity policy for Host Lookup requests:
Step 1 Choose Access Policies > Access Services > <access_servicename> Identity.
See Viewing Identity Policies, page 10-21, for details.
Step 2 Select Customize to customize the authorization policy conditions.
A list of conditions appears. This list includes identity attributes, system conditions, and custom
conditions. See Customizing a Policy, page 10-4, for more information.
Step 3 Select Use Case from the Available customized conditions and move it to the Selected conditions.
Step 4 In the Identity Policy Page, click Create.
a. Enter a Name for the rule.
b. In the Conditions area, check Use Case, then check whether the value should or should not match.
c. Select Host Lookup and click OK.
This attribute selection ensures that while processing the access request, ACS will look for the host
and not for an IP address.
d. Select any of the identity stores that support host lookup as your Identity Source.
e. Click OK.
Step 5 Click Save Changes.
Related Topic
Managing Access Policies, page 10-1