3. with the AD Integrated (This article focuses on the introduction, it took me a day to study out, hehe!) )
Enter Externaluser Databases page, there are 3 options under this page :
A) Unknown User Policy
b) Database Group Mappings
c) Database Configuration
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/30/wKiom1R7wHqjmuSeAAJL6xJjXZk208.jpg "title=" 1.png " alt= "Wkiom1r7whqjmuseaajl6xjjxzk208.jpg"/>
Section1Step:Unknown User Policy
The role here is when when ACS detects non-local users, it can go to the external database, so this is why ACS joins the domain, moving Windows Database to the right and committing
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/2F/wKioL1R7wQ-z3V8RAAJxuHHRwsU978.jpg "title=" 2.png " alt= "Wkiol1r7wq-z3v8raajxuhhrwsu978.jpg"/>
Section2Step:Database Configuration, selectWindows Database.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/2F/wKioL1R7wRvi5NJTAAH0f-S61wk745.jpg "title=" 3.png " alt= "Wkiol1r7wrvi5njtaah0f-s61wk745.jpg"/>
Select configuration
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/2F/wKioL1R7wSSzGPHhAAHWGsdvTos431.jpg "title=" 4.png " alt= "Wkiol1r7wsszgphhaahwgsdvtos431.jpg"/>
As set:
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/2F/wKioL1R7wS2BI0loAAJ2BJm3rUg704.jpg "title=" 5.png " alt= "Wkiol1r7ws2bi0loaaj2bjm3rug704.jpg"/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/30/wKiom1R7wK3gNQg1AAJx21JuEg0434.jpg "title=" 6.png " alt= "Wkiom1r7wk3gnqg1aajx21jueg0434.jpg"/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/30/wKiom1R7wLvxbOHAAAIsYDgHtuc716.jpg "title=" 7.png " alt= "Wkiom1r7wlvxbohaaaisydghtuc716.jpg"/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/2F/wKioL1R7wUuysT5gAAJ2cP6PFMg423.jpg "title=" 8.png " alt= "Wkiol1r7wuuyst5gaaj2cp6pfmg423.jpg"/>
Final submission.
Section3Step:Group Mapping, putADthe inside of the group withAcsThe group inside does a mapping, and the effect is throughADthe user in the inside does the authentication,AcsGroup Policy to authorize.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/54/2F/wKioL1R7wVbgLewgAAHXZDMybiQ924.jpg "title=" 9.png " alt= "Wkiol1r7wvbglewgaahxzdmybiq924.jpg"/>
Select New
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/2F/wKioL1R7wV_QOxU_AAHCskwvEec490.jpg "title=" 10.png "alt=" Wkiol1r7wv_qoxu_aahcskwveec490.jpg "/>
Select NAC After this domain is submitted
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/2F/wKioL1R7wXbSDb7yAAIT5gnlsuo341.jpg "title=" 11.png "alt=" Wkiol1r7wxbsdb7yaait5gnlsuo341.jpg "/>
Select NAC configures this domain
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/54/30/wKiom1R7wPSjw4V5AAHioh4lf1g560.jpg "title=" 12.png "alt=" Wkiom1r7wpsjw4v5aahioh4lf1g560.jpg "/>
Select Add Mapping
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/2F/wKioL1R7wYTgUfKiAAH7iOxq_7M325.jpg "title=" 13.png "alt=" Wkiol1r7wytgufkiaah7ioxq_7m325.jpg "/>
Add the members of the domain as needed, and here I choose Users,domain Admins,Domain Users. Then the ACS group selects the corresponding groups of ACS (the entire experimental process I use only the default group), and then submit!
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/54/30/wKiom1R7wQSCVL02AAJEh80Qn9g327.jpg "title=" 14.png "alt=" Wkiom1r7wqscvl02aajeh80qn9g327.jpg "/>
so far, ACS already can and AD it's integrated.
Video sharing: Http://www.dwz.cn/lij9D
Acs+802.1x+aaa+ad+ca Detailed configuration tutorial (iii)