Configuration Guide for Cisco Secure ACS 4.2
Chapter 6 Agentless Host Support Configuration Scenario
Basic Configuration Steps for Agentless Host Support
Step 3 If you specified an LDAP database in the Credential Validation Databases section, click LDAP Server
and then select a LDAP database that you configured on the External User Databases > External User
Database Configuration page.
Step 4 If you will validate MAC addresses by using the ACS internal database:
a. Click Internal ACS DB.
b. Click Add.
A text box for entering MAC addresses and associated user group mappings appears, as shown in
Figure 6-13.
Figure 6-13 MAC Address Input Area
c. In the MAC addresses input area, enter one or more MAC addresses to use in authenticating
agentless hosts.
You can enter the MAC address in the following formats for representing MAC-48 addresses in
human-readable form:
Six groups of two hexadecimal digits, separated by hyphens (-) in transmission order; for
example, 01-23-45-67-89-ab.
Six groups of two separated by colons (:); for example, 01:23:45:67:89:ab.
Three groups of four hexadecimal digits separated by dots (.); for example, 0123.4567.89ab.
d. From the drop-down list of user groups in the User Group area, choose a user group to which devices
having one of the specified MAC address are mapped.
e. To add additional groups of MAC addresses, click Add and enter additional groups and associated
user groups as required.
Step 5 In the Default Action (If Agentless request was not assigned to a user group) area, from the drop-down
list of user groups, choose a group to which to assign the MAC addresses if the MAC addresses are not
found in the LDAP Server or the ACS Internal Database; or, if the LDAP Server is not reachable.
Step 6 If you enabled the EAP protocol and posture validation, set up posture validation rules in the Posture
Validation section.
Step 7 As required, specify additional authorization rules in the Authorization section.
Step 8 Click Submit.