Cisco Acs 5x User Guide
Here you can view all the pages of manual Cisco Acs 5x User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.
Page 301
10-37 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Configuring Access Service Policies Creating Policy Rules When you create rules, remember that the order of the rules is important. When ACS encounters a match as it processes the request of a client that tries to access the ACS network, all further processing stops and the associated result of that match is found. No further rules are considered after a match is found. The Default Rule...
Page 302
10-38 Configuring Access Service Policies
Duplicating a Rule
You can duplicate a rule if you want to create a new rule that is the same, or very similar to, an existing rule. The duplicate rule name is based on the original rule with parentheses to indicate duplication; for example, Rule-1(1). After duplication is complete, you access each rule (original and duplicated) separately.
Note: You...
Page 303
10-39 Configuring Access Service Policies
Step 4: Click OK. The Policy page appears with the edited rule.
Step 5: Click Save Changes to save the new configuration.
Step 6: Click Discard Changes to cancel the edited information.
Related Topics: Creating Policy Rules, page 10-37; Duplicating a Rule, page 10-38; Deleting Policy Rules, page 10-39
Deleting Policy Rules
Note: You cannot delete the Default rule. To...
Page 304
10-40 Configuring Compound Conditions
Configuring Compound Conditions
Use compound conditions to define a set of conditions based on any attributes allowed in simple policy conditions. You define compound conditions in a policy rule page; you cannot define them as separate condition objects.
This section contains the following topics: Compound Condition Building Blocks, page 10-40; Types of...
Page 305
10-41 Configuring Compound Conditions
Note: Dynamic attribute mapping is not applicable for ExternalGroups attribute of Type String Enum and Time And Date attribute of type Date Time Period. For hierarchical attribute, the value is appended with attribute name so while configuring any string attribute to compare with hierarchical attribute the value of the string attribute has to start with...
Page 306
10-42 Configuring Compound Conditions
Figure 10-2 Compound Expression - Atomic Condition
Single Nested Compound Condition
Consists of a single operator followed by a set of predicates (>=2). The operator is applied between each of the predicates. See Figure 10-3 for an example. The preview window displays parentheses [()] to indicate precedence of logical operators.
Figure 10-3 Single Nested...
Page 307
10-43 Configuring Compound Conditions
Figure 10-4 Multiple Nested Compound Expression
Compound Expression with Dynamic value
You can select dynamic value to select another dictionary attribute to compare against the dictionary attribute selected as operand. See Figure 10-5 for an example.
Figure 10-5 Compound Expression Builder with Dynamic Value
Page 308
10-44 Configuring Compound Conditions
Related Topics: Compound Condition Building Blocks, page 10-40; Using the Compound Expression Builder, page 10-44
Using the Compound Expression Builder
You construct compound conditions by using the expression builder in Rule Properties pages. The expression builder contains two sections: a predicate builder to create primary conditions and controls for...
Page 309
10-45 Security Group Access Control Pages
Related Topics: Compound Condition Building Blocks, page 10-40; Types of Compound Conditions, page 10-41
Security Group Access Control Pages
This section contains the following topics: Egress Policy Matrix Page, page 10-45; Editing a Cell in the Egress Policy Matrix, page 10-46; Defining a Default Policy for Egress Policy Page, page 10-46; NDAC Policy Page,...
Page 310
10-46 Security Group Access Control Pages
Related Topic: Creating an Egress Policy, page 4-27
Editing a Cell in the Egress Policy Matrix
Use this page to configure the policy for the selected cell. You can configure the SGACLs to apply to the corresponding source and destination security group. To display this page, choose Access Policies > Security Group Access Control > Egress Policy, select a...