beautypg.com

Known, unknown, and discovered users – Cisco 3.3 User Manual

Page 612

background image

Chapter 15 Unknown User Policy

Known, Unknown, and Discovered Users

15-2

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Posture Validation and the Unknown User Policy, page 15-10

NAC and the Unknown User Policy, page 15-10

Posture Validation Use of the Unknown User Policy, page 15-11

Required Use for Posture Validation, page 15-12

Authorization of Unknown Users, page 15-13

Unknown User Policy Options, page 15-13

Database Search Order, page 15-14

Configuring the Unknown User Policy, page 15-16

Disabling Unknown User Authentication, page 15-17

Known, Unknown, and Discovered Users

The Unknown User Policy feature provides different means of handling
authentication or posture validation requests, depending upon the type of user
requesting AAA services. There are three types of users. Their significance varies
depending on whether the service requested is authentication or posture
validation:

Known Users—Users explicitly added, either manually or automatically, to
the CiscoSecure user database. These are users added by an administrator
using the HTML interface, by the RDBMS Synchronization feature, by the
Database Replication feature, or by the CSUtil.exe utility. For more
information about CSUtil.exe, see

Appendix D, “CSUtil Database Utility”

.

Cisco Secure ACS handles authentication and posture validation requests for
known users as follows:

Authentication—Cisco Secure ACS attempts to authenticate a known
user with the single user database that the user is associated with. If the
user database is the CiscoSecure user database and the user does not
represent a Voice-over-IP (VoIP) user account, a password is required for
the user. If the user database is an external user database or if the user
represents a VoIP user account, Cisco Secure ACS does not have to store
a user password in the CiscoSecure user database.