Configuring groups – IBM Tivoli and Cisco User Manual

Chapter 7. Network enforcement subsystem implementation

2. From the Interface Configuration menu, select RADIUS (Cisco IOS/PIX 6.0) (Figure 7-20).

Figure 7-20 Cisco IOS/PIX 6.0 RADIUS attributes

For L2Dot1x NAC, you must select [026/009/001] cisco-av-pair.

3. After selecting this item, click Submit.
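
What the [026/009/001] notation refers to on the wire, shown as an added example that is not part of the manual: RADIUS attribute type 26 (Vendor-Specific), vendor ID 9 (Cisco), vendor sub-type 1 (cisco-av-pair). The function names, the sample attribute bytes and the `demo-attribute=demo-value` string are constructed for illustration.

```python
import struct

VSA, CISCO, AV_PAIR = 26, 9, 1   # the three numbers in [026/009/001]


def encode_av_pair(pair: str, vendor: int = CISCO, sub_type: int = AV_PAIR) -> bytes:
    """Build one Vendor-Specific attribute (RFC 2865, 5.26) holding a string."""
    value = pair.encode("ascii")
    if len(value) > 247:   # 255 - 2 (header) - 4 (vendor ID) - 2 (sub-header)
        raise ValueError("value too long for a single RADIUS attribute")
    body = struct.pack("!IBB", vendor, sub_type, 2 + len(value)) + value
    return struct.pack("!BB", VSA, 2 + len(body)) + body


def extract_cisco_av_pairs(attrs: bytes) -> list:
    """Walk a RADIUS attribute list; return every cisco-av-pair string in it."""
    pairs, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("bad attribute length at offset %d" % i)
        value, i = attrs[i + 2:i + a_len], i + a_len
        if a_type != VSA or len(value) < 4:
            continue                      # not a vendor-specific attribute
        if struct.unpack("!I", value[:4])[0] != CISCO:
            continue                      # some other vendor's VSA
        j = 4
        while j < len(value):             # sub-attributes: type, length, data
            if j + 2 > len(value) or value[j + 1] < 2 or j + value[j + 1] > len(value):
                raise ValueError("bad Cisco sub-attribute length")
            if value[j] == AV_PAIR:
                pairs.append(value[j + 2:j + value[j + 1]].decode("ascii", "replace"))
            j += value[j + 1]
    return pairs


# Constructed sample: User-Name, one Cisco av-pair, one non-Cisco VSA (vendor 311).
SAMPLE = (
    b"\x01\x07alice"
    + encode_av_pair("demo-attribute=demo-value")
    + encode_av_pair("ignored=1", vendor=311)
)

if __name__ == "__main__":
    print(extract_cisco_av_pairs(SAMPLE))
```

The decoder rejects attribute lists whose length fields run past the end of the buffer, which is the check to keep when inspecting captured Access-Accept payloads.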

Configuring groups

The group setup and configuration portion of the Cisco Secure ACS requires
careful thought and planning. In the NAC L2 802.1x scenario we are using here,
we have two locally defined groups, sales and engineering. One of the nice
features of NAC L2 802.1x is the ability to place users into different
VLANs dynamically, based on dot1x authentication and posture validation. In our
scenario, the default VLAN for sales is VLAN 11. The default VLAN for
engineering is VLAN 12. Part of the planning process is deciding whether your groups will
be locally defined on the Cisco Secure ACS, or will be mapped to a Microsoft