
Cisco ACS 5.7 User Guide

Page 301

45   
Managing Access Policies
Security Group Access Control Pages
Related Topics
Compound Condition Building Blocks, page 40
Types of Compound Conditions, page 41
Security Group Access Control Pages
This section contains the following topics:
Egress Policy Matrix Page, page 45
Editing a Cell in the Egress Policy Matrix, page 46
Defining a Default Policy for Egress Policy Page, page 46
NDAC Policy Page, page 47
NDAC Policy Properties Page, page 48
Network Device Access EAP-FAST Settings Page,...

Page 302

To display this page, choose Access Policies > Security Group Access Control > Egress Policy.
Related Topic
Creating an Egress Policy, page 25
Editing a Cell in the Egress Policy Matrix
Use this page to configure the policy for the selected cell. You can configure the SGACLs to apply to the corresponding 
source and destination security group.
To display this page, choose Access Policies > Security Group Access Control > Egress Policy,...

Page 303

Related Topics
Creating an Egress Policy, page 25
Creating a Default Policy, page 26
NDAC Policy Page
The Network Device Admission Control (NDAC) policy determines the SGT for network devices in a Security Group 
Access environment. The NDAC policy handles:
Peer authorization requests from one device about its neighbor.
Environment requests (a device is collecting information about itself).
The policy returns the same SGT for a...

Page 304

View rules.
Delete rules. 
Open pages that create, duplicate, edit, and customize rules. 
Related Topics:
Configuring an NDAC Policy, page 23
NDAC Policy Properties Page, page 48
NDAC Policy Properties Page
Use this page to create, duplicate, and edit rules to determine the SGT for a device. 
Table 106 Rule-Based NDAC Policy Page
Option Description
Policy type Defines the type of policy to configure:
Simple—Specifies the result to...

Page 305

To display this page, choose Access Policies > Security Group Access Control > Network Device Access > 
Authentication Policy, then click Create, Edit, or Duplicate.
Note: For endpoint admission control, you must define an access service and session authorization policy. See 
Configuring Network Access Authorization Rule Properties, page 31 for information about creating a session 
authorization policy.
Related Topics:
Configuring an...

Page 306

Maximum User Sessions
Related Topics:
Configuring an NDAC Policy, page 23
Configuring EAP-FAST Settings for Security Group Access, page 24
NDAC Policy Page, page 47
Maximum User Sessions
For optimal performance, you can limit the number of concurrent users accessing network resources. ACS 5.7 imposes 
limits on the number of concurrent service sessions per user. 
The limits are set in several different ways. You can set the limits at the user level or at the group level....

Page 307

Maximum Session Global Settings, page 52
Purging User Sessions, page 53
Maximum User Session in Distributed Environment, page 54
Maximum User Session in Proxy Scenario, page 54
Maximum Session Group Settings
You can configure the maximum number of sessions for the identity groups. All the sessions can sometimes be used by 
a few users in the group. Requests from other users to create a new session are rejected because the number of sessions 
has...

Page 308

Unlimited is selected by default. Group-level session limits are applied based on the hierarchy. For example:
The group hierarchy is America:US:West:CA and the maximum sessions are as follows:
America: 100 max sessions
US: 80 max sessions
West: 75 max sessions
CA: 50 max sessions
If “Max Session for User in Group X” is set to N, each user belonging to the group X may open not more than N sessions.
If the user belongs to America/US/West, ACS checks...

Page 309

Related Topics
Maximum Session User Settings, page 50
Maximum Session Group Settings, page 51
Purging User Sessions, page 53
Maximum User Session in Distributed Environment, page 54
Maximum User Session in Proxy Scenario, page 54
Purging User Sessions
You can use the Purge option only when users are listed as Logged-in but connection to the AAA client has been lost 
and the users are no longer actually logged in.
Purging will not log off the user...

Page 310

A list of all the logged in users is displayed.
4. Click Purge All Sessions to purge all the user sessions logged in to the particular AAA client.
Related Topics
Maximum Session User Settings, page 50
Maximum Session Group Settings, page 51
Maximum Session Global Settings, page 52
Maximum User Session in Distributed Environment, page 54
Maximum User Session in Proxy Scenario, page 54
Maximum User Session in Distributed Environment
In distributed...