Home > Cisco > Control System > Cisco Acs 57 User Guide

Cisco Acs 57 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Acs 57 User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 151

    Page 151 2 Managing Users and Identity Stores Managing Internal Identity Stores Viewing and Performing Bulk Operations for Internal Identity Store Users To view and perform bulk operations to internal identity store users: 1.Choose Users and Identity Stores > Internal Identity Stores > Users. The Internal Users page appears, with the following information for all configured users: Status—The status of the user User Name—The username of the user Identity Group—The identity group to which the user belongs... 
    2   
Managing Users and Identity Stores
Managing Internal Identity Stores
Viewing and Performing Bulk Operations for Internal Identity Store Users
To view and perform bulk operations to internal identity store users:
1.Choose Users and Identity Stores > Internal Identity Stores > Users.
The Internal Users page appears, with the following information for all configured users:
Status—The status of the user
User Name—The username of the user
Identity Group—The identity group to which the user belongs...

    Page 152

    Page 152 2 Managing Users and Identity Stores Managing Internal Identity Stores ACS must be configured to send passed authentication messages to the log collector server. The log collector server must be running and receiving syslog messages from all ACS nodes in the deployment. The log recovery feature must be enabled. ACS 5.7 allows the administrator to configure the maximum number of days from ACS web interface during which the internal hosts’ accounts are enabled despite the hosts not having logged in... 
    2
Managing Users and Identity Stores
 
Managing Internal Identity Stores
ACS must be configured to send passed authentication messages to the log collector server.
The log collector server must be running and receiving syslog messages from all ACS nodes in the deployment. 
The log recovery feature must be enabled.
ACS 5.7 allows the administrator to configure the maximum number of days from ACS web interface during which the internal 
hosts’ accounts are enabled despite the hosts not having logged in...

    Page 153

    Page 153 2 Managing Users and Identity Stores Managing Internal Identity Stores The Internal Hosts page appears, listing any configured internal hosts. 2.Click Create. You can also: Check the check box next to the MAC address you want to duplicate, then click Duplicate. Click the MAC address that you want to modify, or check the check box next to the MAC address and click Edit. Click File Operations to perform bulk operations. See Viewing and Performing Bulk Operations for Internal Identity Store Hosts,... 
    2   
Managing Users and Identity Stores
Managing Internal Identity Stores
The Internal Hosts page appears, listing any configured internal hosts.
2.Click Create. You can also:
Check the check box next to the MAC address you want to duplicate, then click Duplicate.
Click the MAC address that you want to modify, or check the check box next to the MAC address and click Edit.
Click File Operations to perform bulk operations. See Viewing and Performing Bulk Operations for Internal Identity Store 
Hosts,...

    Page 154

    Page 154 2 Managing Users and Identity Stores Managing Internal Identity Stores 4.Click Submit to save changes. Table 42 Internal Hosts Properties Page Option Description General MAC Address ACS 5.7 support wildcards while adding new hosts to the internal identity store. Enter a valid MAC address, using any of the following formats: 01-23-45-67-89-AB/01-23-45-* 01:23:45:67:89:AB/01:23:45:* 0123.4567.89AB/0123.45* 0123456789AB/012345* ACS accepts a MAC address in any of the above formats, and converts and... 
    2
Managing Users and Identity Stores
 
Managing Internal Identity Stores
4.Click Submit to save changes.
Table 42 Internal Hosts Properties Page
Option Description
General
MAC Address ACS 5.7 support wildcards while adding new hosts to the internal identity store. Enter a valid MAC 
address, using any of the following formats:
01-23-45-67-89-AB/01-23-45-*
01:23:45:67:89:AB/01:23:45:*
0123.4567.89AB/0123.45*
0123456789AB/012345*
ACS accepts a MAC address in any of the above formats, and converts and...

    Page 155

    Page 155 2 Managing Users and Identity Stores Managing Internal Identity Stores The MAC address configuration is saved. The Internal MAC list page appears with the new configuration. Note: Hosts with wildcards (supported formats) for MAC addresses are migrated from 4.x to 5.x. Note: You can add wildcard for MAC address which allows the entire range of Organization Unique Identifier (OUI) clients. For example: If you add Cisco's MAC address 00-00-0C-*, the entire range of Cisco devices will be added to... 
    2   
Managing Users and Identity Stores
Managing Internal Identity Stores
The MAC address configuration is saved. The Internal MAC list page appears with the new configuration.
Note: Hosts with wildcards (supported formats) for MAC addresses are migrated from 4.x to 5.x. 
Note: You can add wildcard for MAC address which allows the entire range of Organization Unique Identifier (OUI) clients. 
For example: If you add Cisco's MAC address 00-00-0C-*, the entire range of Cisco devices will be added to...

    Page 156

    Page 156 2 Managing Users and Identity Stores Managing Internal Identity Stores 2.Click File Operations to perform any of the following functions: Add—Choose this option to add internal hosts from an import file to ACS. Update—Choose this option to replace the list of internal hosts in ACS with the internal hosts in the import file. Delete—Choose this option to delete the internal hosts listed in the import file from ACS. See Performing Bulk Operations for Network Resources and Users, page 7 for a detailed... 
    2
Managing Users and Identity Stores
 
Managing Internal Identity Stores
2.Click File Operations to perform any of the following functions:
Add—Choose this option to add internal hosts from an import file to ACS.
Update—Choose this option to replace the list of internal hosts in ACS with the internal hosts in the import file.
Delete—Choose this option to delete the internal hosts listed in the import file from ACS.
See Performing Bulk Operations for Network Resources and Users, page 7 for a detailed...

    Page 157

    Page 157 2 Managing Users and Identity Stores Managing Internal Identity Stores Configuring Users or Hosts for Management Hierarchy A specific level of access is defined to represent the top-most node in the Management Hierarchy assigned for each user or a host. This level is defined in the user’s “ManagementHierarchy” attribute. Total value length is limited to 256 characters. The administrator can configure any level of hierarchy while defining management centers or AAA client locations. The syntax for... 
    2   
Managing Users and Identity Stores
Managing Internal Identity Stores
Configuring Users or Hosts for Management Hierarchy
A specific level of access is defined to represent the top-most node in the Management Hierarchy assigned for each user or a 
host. This level is defined in the user’s “ManagementHierarchy” attribute. Total value length is limited to 256 characters. 
The administrator can configure any level of hierarchy while defining management centers or AAA client locations. The syntax 
for...

    Page 158

    Page 158 2 Managing Users and Identity Stores Managing Internal Identity Stores See Configuring a Session Authorization Policy for Network Access, page 30, for more information on creating an authorization policy for network access. 8.After successfully creating the policy, try authenticating the user using the created policy. The user will be authenticated only if the hierarchy defined for the user equals or is contained in the AAA clients hierarchy. You can view the logs to analyze the authentication... 
    2
Managing Users and Identity Stores
 
Managing Internal Identity Stores
See Configuring a Session Authorization Policy for Network Access, page 30, for more information on creating an 
authorization policy for network access. 
8.After successfully creating the policy, try authenticating the user using the created policy. The user will be authenticated 
only if the hierarchy defined for the user equals or is contained in the AAA clients hierarchy. You can view the logs to analyze 
the authentication...

    Page 159

    Page 159 2 Managing Users and Identity Stores Managing External Identity Stores Managing External Identity Stores ACS 5.7 integrates with external identity systems in a number of ways. You can leverage an external authentication service or use an external system to obtain the necessary attributes to authenticate a principal, as well to integrate the attributes into an ACS policy. For example, ACS can leverage Microsoft AD to authenticate a principal, or it could leverage an LDAP bind operation to find a... 
    2   
Managing Users and Identity Stores
Managing External Identity Stores
Managing External Identity Stores
ACS 5.7 integrates with external identity systems in a number of ways. You can leverage an external authentication service or 
use an external system to obtain the necessary attributes to authenticate a principal, as well to integrate the attributes into an 
ACS policy. 
For example, ACS can leverage Microsoft AD to authenticate a principal, or it could leverage an LDAP bind operation to find a...

    Page 160

    Page 160 3 Managing Users and Identity Stores Managing External Identity Stores Viewing LDAP Attributes, page 42 Directory Service The directory service is a software application, or a set of applications, for storing and organizing information about a computer network's users and network resources. You can use the directory service to manage user access to these resources. The LDAP directory service is based on a client-server model. A client starts an LDAP session by connecting to an LDAP server, and... 
    3
Managing Users and Identity Stores
 
Managing External Identity Stores
Viewing LDAP Attributes, page 42
Directory Service
The directory service is a software application, or a set of applications, for storing and organizing information about a computer 
network's users and network resources. You can use the directory service to manage user access to these resources. 
The LDAP directory service is based on a client-server model. A client starts an LDAP session by connecting to an LDAP server, 
and...
    Start reading Cisco Acs 57 User Guide

    Related Manuals for Cisco Acs 57 User Guide

    All Cisco manuals