Cisco ACS 5x User Guide
Page 61
3-19 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 3 ACS 5.x Policy Model Flows for Configuring Services and Policies
Figure 3-2 illustrates what this policy rule table could look like.
Figure 3-2 Sample Rule-Based Policy
Each row in the policy table represents a single rule. Each rule, except for the last Default rule, contains two conditions, ID Group and Location, and a result, Authorization Profile. ID Group is an identity-based classification and Location is a...
Page 62
Added users to the internal ACS identity store or added external identity stores. See Creating Internal Users, page 8-11, Managing Identity Attributes, page 8-7, or Creating External LDAP Identity Stores, page 8-26.
Table 3-8 Steps to Configure Services and Policies
Step | Action | Drawer in Web Interface
Step 1 | Define policy results: Authorizations and...
Page 63
Related Topics
Policy Terminology, page 3-3
Policy Conditions, page 3-16
Policy Results, page 3-16
Policies and Identity Attributes, page 3-17
Page 65
CHAPTER 4 Common Scenarios Using ACS
Network control refers to the process of controlling access to a network. Traditionally, a username and password were used to authenticate a user to a network. Nowadays, with rapid technological advancements, the traditional method of managing network access with a username and a password is no longer sufficient. The ways in which the users can access the network and what they can access...
Page 66
Overview of Device Administration
Cisco Secure Access Control System (ACS) allows you to centrally manage access to your network services and resources (including devices, such as IP phones, printers, and so on). ACS 5.3 is a policy-based access control system that allows you to create complex policy conditions and helps you to comply with various governmental regulations. When you...
Page 67
If a command is matched to a command set, the corresponding permit or deny setting for the command is retrieved. If multiple results are found in the rules that are matched, they are consolidated and a single permit or deny result for the command is returned, as described in these conditions:
If an explicit deny-always setting exists in any command set, the...
Page 68
Step 5: Configure an access service policy. See Access Service Policy Creation, page 10-4.
Step 6: Configure a service selection policy. See Service Selection Policy Creation, page 10-4.
Step 7: Configure an authorization policy (rule table). See Configuring a Session Authorization Policy for Network Access, page 10-29.
Command Authorization
This topic describes...
Page 69
Password-Based Network Access
TACACS+ Custom Services and Attributes
This topic describes the configuration flow to define TACACS+ custom attributes and services.
Step 1: Create a custom TACACS+ condition to move to TACACS+ service on request. To do this:
a. Go to Policy Elements > Session Conditions > Custom and click Create.
b. Create a custom TACACS+ condition. See Creating, Duplicating, and...
Page 70
Note: During password-based access (or certificate-based access), the user is not only authenticated but also authorized according to the ACS configuration. And if NAS sends accounting requests, the user is also accounted.
ACS supports the following password-based authentication methods:
Plain RADIUS password authentication methods
- RADIUS-PAP
- RADIUS-CHAP...