Cisco Acs 5x User Guide

Here you can view all the pages of manual Cisco Acs 5x User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

Page 281

10-17
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Services
Allow EAP-FAST: Enables the EAP-FAST authentication protocol and EAP-FAST settings. The EAP-FAST
protocol can support multiple internal protocols on the same server. The default inner method is
MSCHAPv2.
When you check Allow EAP-FAST, you can configure EAP-FAST inner methods:
Allow EAP-MSCHAPv2
– Allow Password Change—Check for ACS to support password changes in...

Page 282

10-18
Allow EAP-FAST (continued)
PAC Options

Tunnel PAC Time To Live—The Time To Live (TTL) value restricts the lifetime of the PAC. 
Specify the lifetime value and units. The default is one (1) day. 
Proactive PAC Update When:  of PAC TTL is Left—The Update value ensures that the 
client has a valid PAC. ACS initiates update after the first successful...

Page 283

10-19
Step 3 Click Finish to save your changes to the access service.
To enable an access service, you must add it to the service selection policy.
Configuring Access Services Templates
Use a service template to define an access service with policies that are customized to use specific 
condition types.
Step 1 In the Configuring General Access Service Properties, page...

Page 284

10-20
Deleting an Access Service
To delete an access service:
Step 1 Select Access Policies > Access Services.
The Access Services page appears with a list of configured services.
Step 2 Check one or more check boxes next to the access services that you want to delete.
Step 3 Click Delete; then click OK in the confirmation message.
The Access Policies page appears without...

Page 285

10-21
Configuring Access Service Policies
You configure access service policies after you create the access service: 
Viewing Identity Policies, page 10-21
Configuring Identity Policy Rule Properties, page 10-24
Configuring a Group Mapping Policy, page 10-26
Configuring a Session Authorization Policy for Network Access, page 10-29
Configuring a Session...

Page 286

10-22
In the rule-based policy, each rule contains one or more conditions and a result, which is the identity 
source to use for authentication. You can create, duplicate, edit, and delete rules within the identity 
policy; and you can enable and disable them.
Caution: If you switch between the simple policy and the rule-based policy pages, you will lose your...

Page 287

10-23
Viewing Rules-Based Identity Policies
Select Access Policies > Access Services > service > Identity, where service is the name of the
access service.
By default, the Simple Identity Policy page appears with the fields described in Table 10-9. If 
configured, the Rules-Based Identity Policy page appears with the fields described in Table 10-10:
To configure a...

Page 288

10-24
Creating Policy Rules, page 10-37
Duplicating a Rule, page 10-38
Editing Policy Rules, page 10-38
Deleting Policy Rules, page 10-39
For information about configuring an identity policy for Host Lookup requests, see Configuring an 
Authorization Policy for Host Lookup Requests, page 4-20.
Related Topics
Configuring a Group Mapping Policy, page 10-26...

Page 289

10-25
Table 10-11 Identity Rule Properties Page
Option: Description
General
Rule Name: Name of the rule. If you are duplicating a rule, you must enter a unique name as a minimum configuration; all other fields are optional.
Rule Status: Rule statuses are:
Enabled—The rule is active.
Disabled—ACS does not apply the results of the rule.
Monitor—The rule is active,...

Page 290

10-26
Configuring a Group Mapping Policy
Configure a group mapping policy to map groups and attributes that are retrieved from external identity
stores to ACS identity groups. When ACS processes a request for a user or host, this policy retrieves the
relevant identity group, which can be used in authorization policy rules.
If you created an access service that...