Cisco Acs 57 User Guide
Page 241
17 Managing Policy Elements Managing Authorizations and Permissions Authorization profiles for network access authorization (for RADIUS). Shell profiles for TACACS+ shell sessions and command sets for device administration. Downloadable ACLs. Security groups and security group ACLs for Cisco Security Group Access. See ACS and Cisco Security Group Access, page 21, for information on configuring these policy elements. These topics describe how to manage authorizations and permissions: Creating,...
Page 242
18 Managing Policy Elements Managing Authorizations and Permissions 2. Do one of the following: Click Create. Check the check box next to the authorization profile that you want to duplicate and click Duplicate. Click the name that you want to modify; or, check the check box next to the name that you want to modify and click Edit. The Authorization Profile Properties page appears. 3. Enter valid configuration data in the required fields in each tab. See: Specifying Authorization Profiles, page 18 Specifying...
Page 243
19 Managing Policy Elements Managing Authorizations and Permissions The RADIUS Attributes tab to configure RADIUS attributes for the authorization profile; see Specifying RADIUS Attributes in Authorization Profiles, page 20. Specifying Common Attributes in Authorization Profiles Use this tab to specify common RADIUS attributes to include in a network access authorization profile. ACS converts the specified values to the required RADIUS attribute-value pairs and displays them in the RADIUS...
Page 244
20 Managing Policy Elements Managing Authorizations and Permissions Specifying RADIUS Attributes in Authorization Profiles Use this tab to configure which RADIUS attributes to include in the Access-Accept packet for an authorization profile. This tab also displays the RADIUS attribute parameters that you choose in the Common Tasks tab. 1. Choose Policy Elements > Authorization and Permissions > Network Access > Authorization Profiles, then click: Create to create a new network access authorization...
Page 245
21 Managing Policy Elements Managing Authorizations and Permissions 3. To configure: Basic information of an authorization profile; see Specifying Authorization Profiles, page 18. RADIUS Attribute Name of the RADIUS attribute. Click Select to choose a RADIUS attribute from the specified dictionary. You must manually add VPN attributes to the authorization profile to authenticate VPN devices in your network. ACS can work with different Layer 2 and Layer 3 protocols, such as:...
Page 246
22 Managing Policy Elements Managing Authorizations and Permissions Common tasks for an authorization profile; see Specifying Common Attributes in Authorization Profiles, page 19. Creating and Editing Security Groups Use this page to view names and details of security groups and security group tags (SGTs), and to open pages to create, duplicate, and edit security groups. When you create a security group, ACS generates a unique SGT. Network devices can query ACS for SGT information. The network...
Page 247
23 Managing Policy Elements Managing Authorizations and Permissions The Custom Attributes tab allows you to configure additional attributes. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. Custom attributes can be defined for nonshell services. For a description of the attributes that you specify in shell profiles, see Cisco IOS documentation for the specific release of Cisco IOS software that is...
Page 248
24 Managing Policy Elements Managing Authorizations and Permissions Click Create. Check the check box next to the shell profile that you want to duplicate and click Duplicate. Click the name that you want to modify; or, check the check box next to the name that you want to modify and click Edit. 2. Complete the Shell Profile: General fields as described in Table 73 on page 24: 3. Click: Submit to save your changes and return to the Shell Profiles page. The Common Tasks tab to configure privilege levels for the...
Page 249
25 Managing Policy Elements Managing Authorizations and Permissions Table 74 Shell Profile: Common Tasks Option Description Privilege Level Default Privilege (Optional) Enables the initial privilege level assignment that you allow for a client, through shell authorization. If disabled, the setting is not interpreted in authorization and permissions. The Default Privilege Level specifies the default (initial) privilege level for the shell profile. If you select Static as the Enable Default Privilege...
Page 250
26 Managing Policy Elements Managing Authorizations and Permissions 3. Click: Submit to save your changes and return to the Shell Profiles page. The General tab to configure the name and description for the authorization profile; see Defining General Shell Profile Properties, page 23. The Custom Attributes tab to configure Custom Attributes for the authorization profile; see Defining Custom Attributes, page 27. To substitute the static value of a TACACS+ attribute with a value of another attribute...