Nac databases, About nac databases – Cisco 3.3 User Manual

Page 582

Advertising
background image

Chapter 14 Network Admission Control

NAC Databases

14-10

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

NAC Databases

This section contains the following topics:

About NAC Databases, page 14-10

About NAC Credentials and Attributes, page 14-11

NAC Database Configuration Options, page 14-12

Policy Selection Options, page 14-13

Configuring a NAC Database, page 14-14

About NAC Databases

NAC databases validate the posture of a NAC-client computer, using the
credentials that the NAC clients sends to Cisco Secure ACS in the posture
validation request.

Tip

Despite the placement of NAC database pages in the External User Databases
section of the HTML interface, NAC databases may not involve external
databases and Cisco Secure ACS performs no user authentication with a NAC
database.

A NAC database consists of the following:

Mandatory credential types—A NAC database has zero or more mandatory
credential types. Cisco Secure ACS determines whether to use a NAC
database to evaluate a posture validation request by comparing the credentials
received in the request to the mandatory credentials types associated with a
NAC database. If the request includes each credential type specified,
Cisco Secure ACS uses the NAC database to evaluate the request; otherwise,
Cisco Secure ACS uses the Unknown User Policy to compare the credentials
received to the mandatory credential types of other NAC databases.

A NAC database without any mandatory credential types is a valid
configuration. Cisco Secure ACS considers any posture validation request to
satisfy the mandatory credential types of a NAC database that has zero

Advertising