Cisco 2509 - Router - EN User Manual page 486

Unknown User Processing
To specify how Cisco Secure ACS should handle users who are not in the
Cisco Secure ACS database, follow these steps:
In the navigation bar, click External User Databases.
Step 1
Click Unknown User Policy.
Step 2
Step 3 To deny authentication requests for any unknown user, select the Fail the attempt
option.
Step 4 To allow authentication requests for unknown users, follow these steps:
a.
b.
c.
Tip
d.
Click Submit.
Step 5
Result: Cisco Secure ACS saves and implements the Unknown User Policy
configuration you created. Cisco Secure ACS attempts to authenticate unknown
users using the databases in the order listed in the Selected Databases list.
User Guide for Cisco Secure ACS for Windows Server
12-10
Select the Check the following external user databases option.
For each database you need Cisco Secure ACS to use when attempting to
authenticate unknown users, select the database in the External Databases list
and click —> (right arrow button) to move it to the Selected Databases list.
To remove a database from the Selected Databases list, select the database,
and then click <— (left arrow button) to move it back to the External
Databases list.
To assign the order in which Cisco Secure ACS should use the selected
external databases when attempting to authenticate an unknown user, click a
database name in the Selected Databases list and click Up or Down to move
it into the position you want.
Place at the top of the list databases that are most likely to authenticate
unknown users or those databases that are associated with AAA clients or
authentications protocols that are particularly time-sensitive, such as
PEAP.
Repeat Step a through Step c until the selected databases are in the order
needed.
Chapter 12 Administering External User Databases
78-14696-01, Version 3.1