Cisco Acs 57 User Guide

Page 271

15   
Managing Access Policies
Configuring Access Services
Operation: You can perform the following three operations:
Choose ADD to add a new attribute value for the selected RADIUS attribute:
—If Multiple not allowed—adds the new value for the selected attribute only if this attribute does not exist on the request.
—If Multiple allowed—always adds the attribute with a new value.
Choose UPDATE to update the existing value of a selected RADIUS attribute:
—If Multiple not allowed—updates the...

Page 272

16
3. Click Next to configure the allowed protocols. See Configuring Access Service Allowed Protocols, page 16.
Related Topic
Configuring Access Service Allowed Protocols, page 16
Configuring Access Services Templates, page 21
Configuring Access Service Allowed Protocols
The allowed protocols are the second part of access service creation. Access service definitions contain general and 
allowed protocol information. When you duplicate and edit...

Page 273

17   
Table 86 Access Service Properties—Allowed Protocols Page
Option Description
Process Host Lookup: Check to configure ACS to process the Host Lookup field (for example, when the RADIUS Service-Type equals 10) and use the System UserName attribute from the RADIUS Calling-Station-ID attribute.
Uncheck for ACS to ignore the Host Lookup request and use the original value of the system UserName attribute for authentication and authorization. When...

Page 274

18
Allow PEAP: Enables the PEAP authentication protocol and PEAP settings. The default inner method is MSCHAPv2.
When you check Allow PEAP, you can configure the following PEAP inner methods:
Allow EAP-TLS—Check to use EAP-TLS as the inner method.
Allow EAP-MSCHAPv2—Check to use EAP-MSCHAPv2 as the inner method.
—Allow Password Change—Check for ACS to support password changes.
—Retry Attempts—Specifies how many times ACS requests user credentials...

Page 275

19   
Allow EAP-FAST: Enables the EAP-FAST authentication protocol and EAP-FAST settings. The EAP-FAST protocol can support multiple internal protocols on the same server. The default inner method is MSCHAPv2.
When you check Allow EAP-FAST, you can configure EAP-FAST inner methods:
Allow EAP-MSCHAPv2
—Allow Password Change—Check for ACS to support password changes in phase zero 
and phase two of EAP-FAST.
—Retry Attempts—Specifies how many times ACS...

Page 276

20
Allow EAP-FAST (continued): PAC Options
Tunnel PAC Time To Live—The Time To Live (TTL) value restricts the lifetime of the PAC. 
Specify the lifetime value and units. The default is one (1) day. 
Proactive PAC Update When:  of PAC TTL is Left—The Update value ensures that the 
client has a valid PAC. ACS initiates update after the first successful authentication but before 
the expiration time that is set by the TTL. The Update value is a...

Page 277

21   
3. Click Finish to save your changes to the access service.
To enable an access service, you must add it to the service selection policy.
Configuring Access Services Templates
Use a service template to define an access service with policies that are customized to use specific condition types.
1. In the Configuring General Access Service Properties, page 13, choose Based on service template and click Select.
2. Complete the fields as described in...

Page 278

22
Configuring Access Service Policies
Deleting an Access Service
To delete an access service:
1. Select Access Policies > Access Services.
The Access Services page appears with a list of configured services.
2. Check one or more check boxes next to the access services that you want to delete.
3. Click Delete; then click OK in the confirmation message.
The Access Policies page appears without the deleted access service(s).
Related Topic
Creating, Duplicating, and Editing Access...

Page 279

23   
Configuring a Group Mapping Policy, page 27
Configuring a Session Authorization Policy for Network Access, page 30
Configuring Shell/Command Authorization Policies for Device Administration, page 35
You can configure simple policies to apply the same result to all incoming requests; or, you can create rule-based policies.
Note: If you create and save a simple...

Page 280

24
2. Select an identity source for authentication; or, choose Deny Access.
You can configure additional advanced options. See Configuring Identity Policy Rule Properties, page 26.
3. Click Save Changes to save the policy.
Viewing Rules-Based Identity Policies
Select Access Policies > Access Services > service > Identity, where service is the name of the access service.
By default, the Simple Identity Policy page appears with the fields described in...