Cisco ACS 5.x User Guide
Here you can view all the pages of the manual Cisco ACS 5.x User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.
Page 231
9-1 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01
Chapter 9: Managing Policy Elements
A policy defines the authentication and authorization processing of clients that attempt to access the ACS network. A client can be a user, a network device, or a user associated with a network device. Policies are sets of rules. Rules contain policy elements, which are sets of conditions and results that are organized in rule tables. See Chapter 3, “ACS 5.x Policy Model” for more information...
Page 232
9-2 Managing Policy Conditions
You can map users and hosts to identity groups by using the group mapping policy. You can include identity groups in conditions to configure common policy conditions for all users in the group. For more information about creating identity groups, see Managing Identity Attributes, page 8-7.
Network Device Groups (NDGs)—Devices issuing requests are included in one or...
Page 233
9-3
Deleting a Session Condition, page 9-6
Managing Network Conditions, page 9-6
See Chapter 3, “ACS 5.x Policy Model” for information about additional conditions that you can use in policy rules, although they are not configurable.
Creating, Duplicating, and Editing a Date and Time Condition
Create date and time conditions to specify time intervals and durations. For...
Page 234
9-4
To add date and time conditions to a policy, you must first customize the rule table. See Customizing a Policy, page 10-4.
Step 4: Click Submit. The date and time condition is saved. The Date and Time Conditions page appears with the new date and time condition that you created or duplicated.
Related Topics
Creating, Duplicating, and Editing a Custom Session...
Page 235
9-5
Creating, Duplicating, and Editing a Custom Session Condition
The protocol and identity dictionaries contain a large number of attributes. To use any of these attributes as a condition in a policy rule, you must first create a custom condition for the attribute. In this way, you define a smaller subset of attributes to use in policy conditions, and present a smaller...
Page 236
9-6
Step 4: Click Submit. The new custom session condition is saved. The Custom Condition page appears with the new custom session condition. Clients that are associated with this condition are subject to it for the duration of their session.
Related Topics
Creating, Duplicating, and Editing a Date and Time Condition, page 9-3
Deleting a Session Condition, page 9-6...
Page 237
9-7
ACS offers three types of filters:
End Station Filter—Filters end stations, such as a laptop or printer that initiates a connection based on the end station’s IP address, MAC address, CLID number, or DNIS number. The end station identifier can be the IP address, MAC address, or any other string that uniquely identifies the end station. It is a protocol-agnostic...
Page 238
9-8
This section contains the following topics:
Importing Network Conditions, page 9-8
Exporting Network Conditions, page 9-9
Creating, Duplicating, and Editing End Station Filters, page 9-9
Creating, Duplicating, and Editing Device Filters, page 9-12
Creating, Duplicating, and Editing Device Port Filters, page 9-14
Importing Network Conditions
You can use the bulk import...
Page 239
9-9
Timesaver: Instead of downloading the template and creating an import file, you can use the export file of the particular filter, update the information in that file, save it, and reuse it as your import file.
Exporting Network Conditions
ACS 5.3 offers you a bulk export function to export the filter configuration data in the form of a .csv file. You can export the...
Page 240
9-10
Step 5: Click Submit to save the changes.
Related Topics
Managing Network Conditions, page 9-6
Importing Network Conditions, page 9-8
Creating, Duplicating, and Editing Device Filters, page 9-12
Creating, Duplicating, and Editing Device Port Filters, page 9-14
Defining IP Address-Based End Station Filters
You can create, duplicate, and edit the IP addresses of end...