Home > Cisco > Control System > Cisco Acs 5x User Guide

Cisco Acs 5x User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Acs 5x User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 291

    Page 291 10-27 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies Step 2Select an identity group. Step 3Click Save Changes to save the policy. To configure a rule-based policy, see these topics: Creating Policy Rules, page 10-37 Duplicating a Rule, page 10-38 Editing Policy Rules, page 10-38 Table 10-13 Rule-based Group Mapping Policy Page Option Description Policy type Defines the type of policy to configure:... 
    10-27
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
Step 2Select an identity group.
Step 3Click Save Changes to save the policy.
To configure a rule-based policy, see these topics:
Creating Policy Rules, page 10-37
Duplicating a Rule, page 10-38
Editing Policy Rules, page 10-38
Table 10-13 Rule-based Group Mapping Policy Page
Option Description
Policy type Defines the type of policy to configure:...

    Page 292

    Page 292 10-28 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies Deleting Policy Rules, page 10-39 Related Topics Viewing Identity Policies, page 10-21 Configuring a Session Authorization Policy for Network Access, page 10-29 Configuring a Session Authorization Policy for Network Access, page 10-29 Configuring Shell/Command Authorization Policies for Device Administration, page 10-34 Configuring Group Mapping Policy... 
    10-28
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
Deleting Policy Rules, page 10-39
Related Topics
Viewing Identity Policies, page 10-21
Configuring a Session Authorization Policy for Network Access, page 10-29
Configuring a Session Authorization Policy for Network Access, page 10-29
Configuring Shell/Command Authorization Policies for Device Administration, page 10-34
Configuring Group Mapping Policy...

    Page 293

    Page 293 10-29 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies Configuring a Session Authorization Policy for Network Access When you create an access service for network access authorization, it creates a Session Authorization policy. You can then add and modify rules to this policy to determine the access permissions for the client session. You can create a standalone authorization policy for an access service,... 
    10-29
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
Configuring a Session Authorization Policy for Network Access
When you create an access service for network access authorization, it creates a Session Authorization 
policy. You can then add and modify rules to this policy to determine the access permissions for the client 
session. 
You can create a standalone authorization policy for an access service,...

    Page 294

    Page 294 10-30 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies Table 10-15 Network Access Authorization Policy Page Option Description Status Rule statuses are: Enabled—The rule is active. Disabled—ACS does not apply the results of the rule. Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit count are written to the log, and the log entry includes an identification that... 
    10-30
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
Table 10-15 Network Access Authorization Policy Page
Option Description
Status Rule statuses are:
Enabled—The rule is active.
Disabled—ACS does not apply the results of the rule.
Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit 
count are written to the log, and the log entry includes an identification that...

    Page 295

    Page 295 10-31 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies Configuring Network Access Authorization Rule Properties Use this page to create, duplicate, and edit the rules to determine access permissions in a network access service. Step 1Select Access Policies > Access Services > > Authorization, and click Create, Edit, or Duplicate. Step 2Complete the fields as described in Table 10-16: Table 10-16 Network... 
    10-31
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
Configuring Network Access Authorization Rule Properties
Use this page to create, duplicate, and edit the rules to determine access permissions in a network access 
service.
Step 1Select Access Policies > Access Services >  > Authorization, and click Create, Edit, or 
Duplicate.
Step 2Complete the fields as described in Table 10-16:
Table 10-16 Network...

    Page 296

    Page 296 10-32 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies Configuring Device Administration Authorization Policies A device administration authorization policy determines the authorizations and permissions for network administrators. You create an authorization policy during access service creation. See Configuring General Access Service Properties, page 10-13 for details of the Access Service Create page. Use... 
    10-32
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
Configuring Device Administration Authorization Policies
A device administration authorization policy determines the authorizations and permissions for network 
administrators. 
You create an authorization policy during access service creation. See Configuring General Access 
Service Properties, page 10-13 for details of the Access Service Create page.
Use...

    Page 297

    Page 297 10-33 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies Configuring Device Administration Authorization Rule Properties Use this page to create, duplicate, and edit the rules to determine authorizations and permissions in a device administration access service. Select Access Policies > Access Services > service > Authorization, and click Create, Edit, or Duplicate. The Device Administration Authorization... 
    10-33
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
Configuring Device Administration Authorization Rule Properties
Use this page to create, duplicate, and edit the rules to determine authorizations and permissions in a 
device administration access service. 
Select Access Policies > Access Services > service > Authorization, and click Create, Edit, or 
Duplicate.
The Device Administration Authorization...

    Page 298

    Page 298 10-34 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies Configuring Shell/Command Authorization Policies for Device Administration When you create an access service and select a service policy structure for Device Administration, ACS automatically creates a shell/command authorization policy. You can then create and modify policy rules. The web interface supports the creation of multiple command sets for... 
    10-34
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
Configuring Shell/Command Authorization Policies for Device Administration
When you create an access service and select a service policy structure for Device Administration, ACS 
automatically creates a shell/command authorization policy. You can then create and modify policy 
rules. 
The web interface supports the creation of multiple command sets for...

    Page 299

    Page 299 10-35 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies To configure rules, see: Creating Policy Rules, page 10-37 Duplicating a Rule, page 10-38 Editing Policy Rules, page 10-38 Deleting Policy Rules, page 10-39 Configuring Authorization Exception Policies An authorization policy can include exception policies. In general, exceptions are temporary policies; for example, to grant provisional access to... 
    10-35
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
To configure rules, see:
Creating Policy Rules, page 10-37
Duplicating a Rule, page 10-38
Editing Policy Rules, page 10-38
Deleting Policy Rules, page 10-39
Configuring Authorization Exception Policies 
An authorization policy can include exception policies. In general, exceptions are temporary policies; 
for example, to grant provisional access to...

    Page 300

    Page 300 10-36 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies To configure rules, see: Creating Policy Rules, page 10-37 Duplicating a Rule, page 10-38 Editing Policy Rules, page 10-38 Deleting Policy Rules, page 10-39 Related Topics Configuring a Session Authorization Policy for Network Access, page 10-29 Configuring Shell/Command Authorization Policies for Device Administration, page 10-34 Table 10-20 Network... 
    10-36
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Configuring Access Service Policies
To configure rules, see:
Creating Policy Rules, page 10-37
Duplicating a Rule, page 10-38
Editing Policy Rules, page 10-38
Deleting Policy Rules, page 10-39
Related Topics
Configuring a Session Authorization Policy for Network Access, page 10-29
Configuring Shell/Command Authorization Policies for Device Administration, page 10-34
Table 10-20 Network...
    Start reading Cisco Acs 5x User Guide

    Related Manuals for Cisco Acs 5x User Guide

    All Cisco manuals