Enabling and disabling clientless authentication – Cisco ASA 5505 User Manual

Page 1554

Advertising
background image

70-14

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 70 Configuring Network Admission Control

Changing Global NAC Framework Settings

Enabling and Disabling Clientless Authentication

Clientless authentication is enabled by default. The default configuration contains the eou allow
clientless configuration.

Restrictions

The eou commands apply only to NAC Framework sessions.

Detailed Steps

Follow these steps to enable clientless authentication for a NAC Framework configuration:

Changing the Login Credentials Used for Clientless Authentication

When clientless authentication is enabled, and the ASA fails to receive a response to a validation request
from the remote host, it sends a clientless authentication request on behalf of the remote host to the
Access Control Server. The request includes the login credentials that match those configured for
clientless authentication on the Access Control Server. The default username and password for clientless
authentication on the ASA matches the default username and password on the Access Control Server;
the default username and password are both “clientless.”

Prerequisites

If you change these values on the Access Control Server, you must also do so on the ASA.

Detailed Steps

Enter the following to change the username used for clientless authentication:

Command

Purpose

Step 1

global

Switches to global configuration mode.

Step 2

eou allow

{audit | clientless | none}

Example:

hostname(config)# eou allow audit

hostname(config)#

Enables clientless authentication for a NAC
framework configuration.

audit uses an audit server to perform clientless
authentication.

clientless uses a Cisco Access Control Server to
perform clientless authentication.

none disables clientless authentication.

Shows how to configure the ASA to use an audit
server to perform clientless authentication.

Step 3

[no] eou allow {audit | clientless | none}

Example:

hostname(config)# no eou allow audit

hostname(config)#

Removes the command from the configuration.

Disables the use of an audit server.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals