
Cisco Acs 5x User Guide

Here you can view all the pages of manual Cisco Acs 5x User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

Page 261

9-31
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 9      Managing Policy Elements
  Managing Authorizations and Permissions
Related Topics
Creating, Duplicating, and Editing Authorization Profiles for Network Access, page 9-18
Creating, Duplicating, and Editing a Shell Profile for Device Administration, page 9-23
Deleting an Authorizations and Permissions Policy Element, page 9-32
Creating, Duplicating, and Editing a Shell Profile for Device Administration, page 9-23...

Page 262

9-32
Chapter 9      Managing Policy Elements
  Managing Authorizations and Permissions
– Click Start Export to export the DACLs without any encryption.
Step 3 Enter valid configuration data in the required fields as shown in Table 9-12, and define one or more ACLs by using standard ACL syntax.
Step 4 Click Submit.
The downloadable ACL is saved. The Downloadable ACLs page appears with the downloadable ACL that you created or...

Page 263

9-33
Chapter 9      Managing Policy Elements
  Managing Authorizations and Permissions
Configuring Security Group Access Control Lists
Security group access control lists (SGACLs) are applied at Egress, based on the source and destination 
SGTs. Use this page to view, create, duplicate and edit SGACLs. When you modify the name or content 
of an SGACL, ACS updates its generation ID. When the generation ID of an SGACL changes, the 
relevant...

Page 264

9-34
Chapter 9      Managing Policy Elements
  Managing Authorizations and Permissions 

Page 265

10-1
Chapter 10
Managing Access Policies
In ACS 5.3, policy drives all activities. Policies consist mainly of rules that determine the action of the 
policy. You create access services to define authentication and authorization policies for requests. A 
global service selection policy contains rules that determine which access service processes an incoming 
request. 
For a basic workflow for configuring policies and all their...

Page 266

10-2
Chapter 10      Managing Access Policies
  Policy Creation Flow
In short, you must determine the:
Details of your network configuration.
Access services that implement your policies.
Rules that define the conditions under which an access service can run.
This section contains the following topics:
Network Definition and Policy Goals, page 10-2
Policy Elements in the Policy Creation Flow, page 10-3
Access Service Policy Creation, page...

Page 267

10-3
Chapter 10      Managing Access Policies
  Policy Creation Flow
Policy Elements in the Policy Creation Flow
The web interface provides these defaults for defining device groups and identity groups:
All Locations
All Device Types 
All Groups
The locations, device types, and identity groups that you create are children of these defaults. 
To create the building blocks for a basic device administration policy:
Step 1 Create network...

Page 268

10-4
Chapter 10      Managing Access Policies
  Customizing a Policy
Policy Creation Flow—Next Steps
Access Service Policy Creation, page 10-4
Service Selection Policy Creation, page 10-4
Access Service Policy Creation
After you create the basic elements, you can create an access policy that includes identity groups and 
privileges. For example, you can create an access service for device administration, called NetOps, 
which contains...

Page 269

10-5
Chapter 10      Managing Access Policies
  Configuring the Service Selection Policy
If you have implemented Security Group Access functionality, you can also customize results for 
authorization policies.
Caution: If you have already defined rules, be certain that a rule is not using any condition that you remove when customizing conditions. Removing a condition column removes all configured conditions that exist for that column.
To...

Page 270

10-6
Chapter 10      Managing Access Policies
  Configuring the Service Selection Policy
Note: If you create and save a simple policy, and then change to a rule-based policy, the simple policy becomes the default rule of the rule-based policy. If you have saved a rule-based policy and then change to a simple policy, you will lose all your rules except for the default rule. ACS automatically uses the default rule as the simple policy....