Configuring the unknown user policy, S, see, Configuring the – Cisco 3.3 User Manual

Chapter 15 Unknown User Policy

Configuring the Unknown User Policy

15-16

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Tip

If you create a default NAC database, that is, a NAC database with no mandatory
credential types, be sure you list it below all other NAC databases.

Configuring the Unknown User Policy

Use this procedure to configure your Unknown User Policy.

Before You Begin

For information about the Configure the Unknown User Policy page, see

Unknown User Policy Options, page 15-13

.

To specify how Cisco Secure ACS processes unknown users, follow these steps:

Step 1

In the navigation bar, click External User Databases, and then click Unknown
User Policy.

Step 2

To deny unknown user authentication requests, select the Fail the attempt option.

Note

Selecting the Fail the attempt option does not affect posture validation
requests. Cisco Secure ACS always uses the Unknown User Policies for
posture validation.

Step 3

To allow unknown user authentication, enable the Unknown User Policy. To do
so, follow these steps:

a.

Select the Check the following external user databases option.

b.

For each database that you want Cisco Secure ACS to use for posture
validation or unknown user authentication, select the database in the External
Databases list and click --> (right arrow button) to move it to the Selected
Databases list. To remove a database from the Selected Databases list, select
the database, and then click <-- (left arrow button) to move it back to the
External Databases list.

c.

To assign the database search order, select a database from the Selected
Databases list and click Up or Down to move it into the position you want.