Cisco Acs 57 User Guide

Page 251

Managing Policy Elements
Managing Authorizations and Permissions
Defining Custom Attributes
Use this tab to define custom attributes for the shell profile. This tab also displays the Common Tasks Attributes that you have chosen in the Common Tasks tab.
1. Edit the fields in the Custom Attributes tab as described in Table 75 on page 27:
2. Click:
Submit to save your changes and return to the Shell Profiles page.
The General tab to configure the name and description for the authorization profile;...

Page 252

To create, duplicate, or edit a new command set:
1. Choose Policy Elements > Authorization and Permissions > Device Administration > Command Sets.
The Command Sets page appears.
2. Do one of the following:
Click Create.
The Command Set Properties page appears.
Check the check box next to the command set that you want to duplicate and click Duplicate.
The Command Set Properties page appears.
Click the name that you want to modify; or, check...

Page 253

4. Click Submit.
The command set is saved. The Command Sets page appears with the command set that you created or duplicated.
Related Topics
Creating, Duplicating, and Editing Authorization Profiles for Network Access, page 17
Creating, Duplicating, and Editing a Shell Profile for Device Administration, page 22
Deleting an Authorizations and Permissions Policy Element, page 31
Command Set table
Use this section to define commands to...

Page 254

Creating, Duplicating, and Editing a Shell Profile for Device Administration, page 22
Creating, Duplicating, and Editing Downloadable ACLs
You can define downloadable ACLs for the Access-Accept message to return. Use ACLs to prevent unwanted traffic from entering the network. ACLs can filter source and destination IP addresses, transport protocols, and more by using the RADIUS protocol.
After you create downloadable ACLs as named...

Page 255

4. Click Submit.
The downloadable ACL is saved. The Downloadable ACLs page appears with the downloadable ACL that you created or duplicated.
Related Topics
Creating, Duplicating, and Editing Authorization Profiles for Network Access, page 17
Configuring a Session Authorization Policy for Network Access, page 30
Deleting an Authorizations and Permissions Policy Element, page 31
Deleting an Authorizations and Permissions Policy...

Page 256

SGACLs are also called role-based ACLs (RBACLs).
1. Choose Policy Elements > Authorizations and Permissions > Named Permissions Objects > Security Group ACLs.
The Security Group Access Control Lists page appears with the fields described in Table 78 on page 32:
2. Click one of the following options:
Create to create a new SGACL.
Duplicate to duplicate an SGACL.
Edit to edit an SGACL.
3. Complete the fields in the Security Group Access...

Page 257

Cisco Systems, Inc. www.cisco.com
Managing Access Policies
In ACS 5.7, policy drives all activities. Policies consist mainly of rules that determine the action of the policy. You create access services to define authentication and authorization policies for requests. A global service selection policy contains rules that determine which access service processes an incoming request.
For a basic work flow for configuring policies and all their elements, see Flows for Configuring Services and Policies,...

Page 258

Policy Creation Flow
This section contains the following topics:
Network Definition and Policy Goals, page 2
Policy Elements in the Policy Creation Flow, page 2
Access Service Policy Creation, page 4
Service Selection Policy Creation, page 4
Network Definition and Policy Goals
The first step in creating a policy is to determine the devices and users for which the policy should apply. Then you can start to configure your policy elements.
For basic policy creation, you can...

Page 259

The locations, device types, and identity groups that you create are children of these defaults. 
To create the building blocks for a basic device administration policy:
1. Create network resources. In the Network Resources drawer, create:
a. Device groups for Locations, such as All Locations > East, West, HQ.
b. Device groups for device types, such as All Device Types > Router, Switch.
c. AAA clients (clients for AAA switches and routers, address for each,...

Page 260

Customizing a Policy
Access Service Policy Creation
After you create the basic elements, you can create an access policy that includes identity groups and privileges. For example, you can create an access service for device administration, called NetOps, which contains authorization and authentication policies that use this data:
Users in the Supervisor identity group—Full privileges to all devices at all locations.
User in the East, HQ, West identity groups—Full...