Nac group mapping, Configuring nac group mapping – Cisco 3.3 User Manual
Page 641
16-13
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 16 User Group Mapping and Specification
NAC Group Mapping
The Order mappings for database page appears. The group mappings for the
current database appear in the Order list.
Step 7
Select the name of a group set mapping you want to move, and then click Up or
Down until it is in the position you want.
Step 8
Repeat Step 7 until the group mappings are in the order you need.
Step 9
Click Submit.
The Group Mappings for database page displays the group set mappings in the
order you defined.
NAC Group Mapping
Group mapping for Network Admission Control (NAC) databases provides the
means to connect a system posture token (SPT) that is the result of posture
validation to the user group whose authorizations you have configured to
correspond to that SPT. Through the use of group mapping, the applicable
downloadable IP ACLs and Cisco RADIUS cisco-av-pair attribute values are
assigned to network sessions of a Network Admission Control (NAC)-client
workstation. Each NAC database instance that you create has unique
SPT-to-group mappings for each of the five SPTs.
For more information about posture tokens, see
.
Configuring NAC Group Mapping
To configure NAC group mapping, follow these steps:
Step 1
In the navigation bar, click External User Databases.
Step 2
Click Database Group Mappings.
Cisco Secure ACS displays a list of all external databases, including NAC
databases.
Step 3
Click the name of the NAC database whose SPT-to-group mappings you want to
configure.