Home > Cisco > Control System > Cisco Acs 57 User Guide

Cisco Acs 57 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Acs 57 User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 261

    Page 261 5 Managing Access Policies Configuring the Service Selection Policy An access service policy, choose Access Policies > Access Services > service > policy, where service is the name of the access service, and policy is the name of the policy that you want to customize. 2.In the Policy page, click Customize. A list of conditions appears. This list includes identity attributes, system conditions, and custom conditions. Note: Identity-related attributes are not available as conditions in a service... 
    5   
Managing Access Policies
Configuring the Service Selection Policy
An access service policy, choose Access Policies > Access Services > service > policy, where service is the name 
of the access service, and policy is the name of the policy that you want to customize.
2.In the Policy page, click Customize.
A list of conditions appears. This list includes identity attributes, system conditions, and custom conditions. 
Note: Identity-related attributes are not available as conditions in a service...

    Page 262

    Page 262 6 Managing Access Policies Configuring the Service Selection Policy Service Selection Policy Page Use this page to configure a simple or rule-based policy to determine which service to apply to incoming requests. To display this page, choose Access Policies > Service Selection. If you have already configured the service selection policy, the corresponding Simple Policy page (see Table 80 on page 6) or Rule-based Policy page (see Table 81 on page 6) opens; otherwise, the Simple Policy page opens by... 
    6
Managing Access Policies
 
Configuring the Service Selection Policy
Service Selection Policy Page
Use this page to configure a simple or rule-based policy to determine which service to apply to incoming requests.
To display this page, choose Access Policies > Service Selection.
If you have already configured the service selection policy, the corresponding Simple Policy page (see Table 80 on 
page 6) or Rule-based Policy page (see Table 81 on page 6) opens; otherwise, the Simple Policy page opens by...

    Page 263

    Page 263 7 Managing Access Policies Configuring the Service Selection Policy To configure a rule-based service selection policy, see these topics: Creating, Duplicating, and Editing Service Selection Rules, page 7 Deleting Service Selection Rules, page 10 After you configure your service selection policy, you can continue to configure your access service policies. See Configuring Access Service Policies, page 22. Creating, Duplicating, and Editing Service Selection Rules Create service selection rules to... 
    7   
Managing Access Policies
Configuring the Service Selection Policy
To configure a rule-based service selection policy, see these topics:
Creating, Duplicating, and Editing Service Selection Rules, page 7
Deleting Service Selection Rules, page 10
After you configure your service selection policy, you can continue to configure your access service policies. See 
Configuring Access Service Policies, page 22.
Creating, Duplicating, and Editing Service Selection Rules
Create service selection rules to...

    Page 264

    Page 264 8 Managing Access Policies Configuring the Service Selection Policy To create, duplicate, or edit a service selection policy rule: 1.Select Access Policies > Service Selection Policy. If you: Previously created a rule-based policy, the Rule-Based Service Selection Policy page appears with a list of configured rules. Have not created a rule-based policy, the Simple Service Selection Policy page appears. Click Rule-Based. 2.Do one of the following: Click Create. Check the check box the rule that you... 
    8
Managing Access Policies
 
Configuring the Service Selection Policy
To create, duplicate, or edit a service selection policy rule:
1.Select Access Policies > Service Selection Policy. If you:
Previously created a rule-based policy, the Rule-Based Service Selection Policy page appears with a list of 
configured rules.
Have not created a rule-based policy, the Simple Service Selection Policy page appears. Click Rule-Based.
2.Do one of the following:
Click Create.
Check the check box the rule that you...

    Page 265

    Page 265 9 Managing Access Policies Configuring the Service Selection Policy 4.Click OK. The Service Selection Policy page appears with the rule that you configured. 5.Click Save Changes. Related Topics Configuring Access Services, page 10 Deleting Service Selection Rules, page 10 Displaying Hit Counts Use this page to reset and refresh the Hit Count display on the Rule-based Policy page. To display this page, click Hit Count on the Rule-based Policy page. Conditions conditions Conditions that you can... 
    9   
Managing Access Policies
Configuring the Service Selection Policy
4.Click OK. 
The Service Selection Policy page appears with the rule that you configured. 
5.Click Save Changes.
Related Topics
Configuring Access Services, page 10
Deleting Service Selection Rules, page 10
Displaying Hit Counts 
Use this page to reset and refresh the Hit Count display on the Rule-based Policy page.
To display this page, click Hit Count on the Rule-based Policy page. Conditions
conditions Conditions that you can...

    Page 266

    Page 266 10 Managing Access Policies Configuring Access Services Deleting Service Selection Rules Note: You cannot delete the Default service selection rule. To delete a service selection rule: 1.Select Access Policies > Service Selection Policy. The Service Selection Policy page appears, with a list of configured rules. 2.Check one or more check boxes the rules that you want to delete. 3.Click Delete. The Service Selection Rules page appears without the deleted rule(s). 4.Click Save Changes to save the new... 
    10
Managing Access Policies
 
Configuring Access Services
Deleting Service Selection Rules
Note: You cannot delete the Default service selection rule.
To delete a service selection rule:
1.Select Access Policies > Service Selection Policy.
The Service Selection Policy page appears, with a list of configured rules.
2.Check one or more check boxes the rules that you want to delete.
3.Click Delete. 
The Service Selection Rules page appears without the deleted rule(s).
4.Click Save Changes to save the new...

    Page 267

    Page 267 11 Managing Access Policies Configuring Access Services Editing Default Access Services ACS 5.7 is preconfigured with two default access services, one for device administration and another for network access. You can edit these access services. To edit the default access service: 1.Choose one of the following: Access Policies > Access Services > Default Device Admin Access Policies > Access Services > Default Network Access The Default Service Access Service Edit page appears. 2.Edit the fields in... 
    11   
Managing Access Policies
Configuring Access Services
Editing Default Access Services
ACS 5.7 is preconfigured with two default access services, one for device administration and another for network access. 
You can edit these access services.
To edit the default access service:
1.Choose one of the following:
Access Policies > Access Services > Default Device Admin
Access Policies > Access Services > Default Network Access
The Default Service Access Service Edit page appears.
2.Edit the fields in...

    Page 268

    Page 268 12 Managing Access Policies Configuring Access Services —An Identity policy—Defines which identity store to use for authentication. —A group mapping policy—Defines the identity group to which to map. —An Authorization policy—For network access, this policy defines which session authorization profile to apply; for device administration, it defines which shell profile or command set to apply. Allowed protocols—Specifies which authentication protocols are allowed for this access service, and provides... 
    12
Managing Access Policies
 
Configuring Access Services
—An Identity policy—Defines which identity store to use for authentication.
—A group mapping policy—Defines the identity group to which to map.
—An Authorization policy—For network access, this policy defines which session authorization profile to apply; for 
device administration, it defines which shell profile or command set to apply.
Allowed protocols—Specifies which authentication protocols are allowed for this access service, and provides...

    Page 269

    Page 269 13 Managing Access Policies Configuring Access Services Related Topics Deleting an Access Service, page 22 Configuring Access Service Policies, page 22 Configuring the Service Selection Policy, page 5 Configuring General Access Service Properties Access service definitions contain general and allowed protocol information. When you duplicate and edit services, the Access Service properties page contains tabs. 1.Select Access Policies > Access Services, then click Create, Duplicate, or Edit.... 
    13   
Managing Access Policies
Configuring Access Services
Related Topics
Deleting an Access Service, page 22
Configuring Access Service Policies, page 22
Configuring the Service Selection Policy, page 5
Configuring General Access Service Properties
Access service definitions contain general and allowed protocol information. When you duplicate and edit services, the 
Access Service properties page contains tabs.
1.Select Access Policies > Access Services, then click Create, Duplicate, or Edit....

    Page 270

    Page 270 14 Managing Access Policies Configuring Access Services Advanced Options Accounting Remote Accounting Check to enable remote accounting. Local Accounting Check to enable local accounting. Username Prefix\Suffix Stripping Strip start of subject name up to the first occurrence of the separatorCheck to strip the username from the prefix. For example, if the subject name is acme\smith and the separator is \, the username becomes smith. The default separator is \. Strip end of subject name from the... 
    14
Managing Access Policies
 
Configuring Access Services
Advanced Options
Accounting
Remote Accounting Check to enable remote accounting.
Local Accounting Check to enable local accounting.
Username Prefix\Suffix Stripping
Strip start of subject 
name up to the first 
occurrence of the 
separatorCheck to strip the username from the prefix. For example, if the subject name is acme\smith and 
the separator is \, the username becomes smith. The default separator is \.
Strip end of subject name 
from the...
    Start reading Cisco Acs 57 User Guide

    Related Manuals for Cisco Acs 57 User Guide

    All Cisco manuals