Cisco Acs 5x User Guide
Have a look at the manual Cisco Acs 5x User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
5-25 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 5 Understanding My Workspace Common Errors Common Errors You might encounter these common errors: Concurrency Conflict Errors, page 5-25 Deletion Errors, page 5-26 System Failure Errors, page 5-27 Accessibility, page 5-27 Concurrency Conflict Errors Concurrency conflict errors occur when more than one user tries to update the same object. When you click Submit and the web interface detects an error, a dialog box appears, with an error message and an OK button. Read the error message, click OK, and resubmit your configuration, if needed. Possible error messages, explanations, and recommended actions are: Error MessageThe item you are trying to Submit has been modified elsewhere while you were making your changes. Explanation You accessed an item to perform an edit and began to configure it; simultaneously, another user accessed and successfully submitted a modification to it. Your submission attempt failed. Recommended ActionClick OK to close the error message and display the content area list page. The page contains the latest version of all items. Resubmit your configuration, if needed. Error MessageThe item you are trying to Submit has been deleted while you were making your changes. Explanation If you attempt to submit an edited item that another user simultaneously accessed and deleted, your submission attempt fails. This error message appears in a dialog box with an OK button. Recommended ActionClick OK to close the error message and display the content area list page. The page contains the latest version of all items. The item that you tried to submit is not saved or visible. Error MessageThe item you are trying to Duplicate from has been deleted. Error MessageThe item you are trying to Edit has been deleted. Explanation You attempted to duplicate or edit a selected item that another user deleted at the same time that you attempted to access it. Recommended ActionClick OK to close the error message and display the content area list page. The page contains the latest version of all items. The item that you tried to duplicate or edit is not saved or visible.
5-26 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 5 Understanding My Workspace Common Errors Error MessageThe item you are trying to Submit is referencing items that do not exist anymore. Explanation You attempted to edit or duplicate an item that is referencing an item that another user deleted while you tried to submit your change. Recommended ActionClick OK to close the error message and display the previous page, the Create page or the Edit page. Your attempted changes are not saved, nor do they appear in the page. Error MessageEither Import or Export is already in progress. Explanation You attempted to import or export a .csv file while a previous import or export is still in progress. The subsequent import or export will not succeed. The original import or export is not interrupted due to this error. Recommended ActionClick OK to close the error message and display the previous page. For a currently running import process, consult the Import Progress secondary window and wait for the Save Log button to become enabled. Save the log, then attempt to import or export your next .csv file. Deletion Errors Deletion errors occur when you attempt to delete an item (or items) that another item references. When you click Delete and an error is detected, a dialog box appears, with an error message and an OK button. Read the error message, click OK, and perform the recommended action. Possible error messages, explanations, and recommended actions are: Error MessageThe item you are trying to Delete is referenced by other Items. You must remove all references to this item before it can be deleted. Error MessageSome of the items you are trying to Delete are referenced by other Items. You must remove all references to the items before they can be deleted. Explanation If you attempt to delete one or more items that another item references, the system prevents the deletion. Recommended ActionClick OK to close the error message and display the content area list page. Your deletion does not occur and the items remain visible in the page. Remove all references to the item or items you want to delete, then perform your deletion.
5-27 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 5 Understanding My Workspace Accessibility System Failure Errors System failure errors occur when a system malfunction is detected. When a system failure error is detected, a dialog box appears, with an error message and OK button. Read the error message, click OK, and perform the recommended action. Possible error messages, explanations, and recommended actions are: Error MessageThe following System Failure occurred: . Where description describes the specific malfunction. ExplanationYou have attempted to make a configuration change and the system detected a failure at the same time. Recommended ActionClick OK to close the error message and display the content area list page. Your changes are not saved. Investigate and troubleshoot the detected malfunction, if possible. Error MessageAn unknown System Failure occurred. Explanation You tried to change the configuration and the system detected an unknown failure at the same time. Recommended ActionClick OK to close the error message and display the content area list page. Investigate possible system failure causes, if possible. Accessibility The ACS 5.3 web interface contains accessibility features for users with vision impairment and mobility limitations. This section contains the following topics: Display and Readability Features, page 5-27 Keyboard and Mouse Features, page 5-28 Obtaining Additional Accessibility Information, page 5-28 Display and Readability Features The ACS 5.3 web interface includes features that: Increase the visibility of items on the computer screen. Allow you to use screen reader software to interpret the web interface text and elements audibly. The display and readability features include: Useful text descriptions that convey information that appears as image maps and graphs. Meaningful and consistent labels for tables, buttons, fields, and other web interface elements. Label placement directly on, or physically near, the element to which they apply.
5-28 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 5 Understanding My Workspace Accessibility Color used as an enhancement of information only, not as the only indicator. For example, required fields are associated with a red asterisk. Confirmation messages for important settings and actions. User-controllable font, size, color, and contrast of the entire web interface. Keyboard and Mouse Features You can interact with the ACS 5.3 web interface by using the keyboard and the mouse to accomplish actions. The keyboard and mouse features include: Keyboard accessible links to pages that display dynamic content. Standard keyboard equivalents are available for all mouse actions. Multiple simultaneous keystrokes are not required for any action. Pressing a key for an extended period of time is not required for any action. Backspace and deletion are available for correcting erroneous entries. Obtaining Additional Accessibility Information For more information, refer to the Cisco Accessibility Program: E-mail: [email protected] We b : http://www.cisco.com/go/accessibility
CH A P T E R 6-1 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 6 Post-Installation Configuration Tasks This chapter provides a set of configuration tasks that you must perform to work with ACS. This chapter contains the following sections: Configuring Minimal System Setup, page 6-1 Configuring ACS to Perform System Administration Tasks, page 6-2 Configuring ACS to Manage Access Policies, page 6-4 Configuring ACS to Monitor and Troubleshoot Problems in the Network, page 6-4 Configuring Minimal System Setup Ta b l e 6 - 1 lists the steps that you must follow for a minimal system setup to get ACS up and running quickly in a lab, evaluation, or demonstration environment. Table 6-1 Minimal System Setup Step No. Task Drawer Refer to... Step 1 Add network devices. Network Resources > Network Devices and AAA ClientsCreating, Duplicating, and Editing Network Devices, page 7-10. Step 2 Add users. Users and Identity Stores > Internal Identity Stores > UsersCreating Internal Users, page 8-11. Step 3 Create authorization rules to permit or deny access.Policy Elements > Authorization and PermissionsManaging Authorizations and Permissions, page 9-17.
6-2 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 6 Post-Installation Configuration Tasks Configuring ACS to Perform System Administration Tasks Configuring ACS to Perform System Administration Tasks Ta b l e 6 - 2 lists the set of system administration tasks that you must perform to administer ACS. Ta b l e 6 - 2 S y s t e m A d m inistration Tasks Step No. Task Drawer Refer to... Step 1 Install ACS license. System Administration > Configuration > LicensingLicensing Overview, page 18-34. Step 2 Install system certificates. System Administration > Configuration > Local Server Certificates > Local CertificatesConfiguring Local Server Certificates, page 18-14. Step 3 Configure password policy rules for administrators and users. For administrators: System Administration > Administrators > Settings > Authentication For administrator access settings: System Administration > Administrators > Settings > Access For users: System Administration > Users > Authentication Settings For administrators: Configuring Authentication Settings for Administrators, page 16-9. For administrator access settings: Configuring Administrator Access Settings, page 16-11 For users: Configuring Authentication Settings for Users, page 8-9. Step 4 Add ACS administrators. System Administration > Administrators > AccountsConfiguring System Administrators and Accounts, page 16-3 Step 5 Configure primary and secondary ACS instances.System Administration > Operations > Distributed System ManagementUnderstanding Distributed Deployment, page 17-2. Step 6 Configure logging. System Administration > Configuration > Log ConfigurationConfiguring Logs, page 18-21. Step 7 Add network devices. Network Resources > Network Devices and AAA ClientsCreating, Duplicating, and Editing Network Devices, page 7-10.
6-3 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 6 Post-Installation Configuration Tasks Configuring ACS to Perform System Administration Tasks Step 8 Add users or hosts to the internal identity store, or define external identity stores, or both.For internal identity stores: Users and Identity Stores > Internal Identity Stores For external identity stores: Users and Identity Stores > External Identity Stores For internal identity stores: –Creating Internal Users, page 8-11. –Creating Hosts in Identity Stores, page 8-16. For external identity stores: –Creating External LDAP Identity Stores, page 8-26. –Configuring an AD Identity Store, page 8-48. –Creating and Editing RSA SecurID Token Servers, page 8-55. –Creating, Duplicating, and Editing RADIUS Identity Servers, page 8-63. Step 9 Add end user certificates. Users and Identity Stores > Certificate AuthoritiesAdding a Certificate Authority, page 8-69. Step 10 Configure identity sequence. Users and Identity Stores > Identity Store SequencesCreating, Duplicating, and Editing Identity Store Sequences, page 8-74. Table 6-2 System Administration Tasks (continued) Step No. Task Drawer Refer to...
6-4 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 6 Post-Installation Configuration Tasks Configuring ACS to Manage Access Policies Configuring ACS to Manage Access Policies Ta b l e 6 - 3 lists the set of tasks that you must perform to manage access restrictions and permissions. Configuring ACS to Monitor and Troubleshoot Problems in the Network Ta b l e 6 - 4 lists a set of configuration tasks that you must perform to get the Monitoring & Report Viewer up and running. Table 6-3 Managing Access Policies Step No. Task Drawer Refer to... Step 1 Define policy conditions. Policy Elements > Session ConditionsManaging Policy Conditions, page 9-1. Step 2 Define authorization and permissions.Policy Elements > Authorization and PermissionsManaging Authorizations and Permissions, page 9-17. Step 3 Define access services and service selection policies.Access Policies > Access Services To configure access services: Configuring Access Services, page 10-11. To configure access service policies: Configuring Access Service Policies, page 10-21. To configure compound conditions: Configuring Compound Conditions, page 10-40. Table 6-4 Monitoring and Troubleshooting Configuration Step No. Task Drawer Refer to... Step 1 Configure data purge and backup.Monitoring Configuration > System Operations > Data Management > Removal and BackupConfiguring Data Purging and Incremental Backup, page 15-3. Step 2 Specify e-mail settings. Monitoring Configuration > System Configuration > Email SettingsSpecifying E-Mail Settings, page 15-15. Step 3 Configure collection filters. Monitoring Configuration > System Configuration > Collection FiltersUnderstanding Collection Filters, page 15-16.
6-5 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 6 Post-Installation Configuration Tasks Configuring ACS to Monitor and Troubleshoot Problems in the Network Step 4 Enable system alarms and specify how you would like to receive notification.Monitoring Configuration > System Configuration > System Alarm SettingsConfiguring System Alarm Settings, page 15-17. Step 5 Define schedules and create threshold alarms.Monitoring and Reports > Alarms To configure schedules: Understanding Alarm Schedules, page 12-9. To create threshold alarms: Creating, Editing, and Duplicating Alarm Thresholds, page 12-11. Step 6 Configure alarm syslog targets. Monitoring Configuration > System Configuration > Alarm Syslog TargetsConfiguring Alarm Syslog Targets, page 15-17. Step 7 Configure remote database to export the Monitoring & Report Vi ew e r d a t a .Monitoring Configuration > System Configuration > Remote Database SettingsConfiguring Remote Database Settings, page 15-17. Table 6-4 Monitoring and Troubleshooting Configuration (continued) Step No. Task Drawer Refer to...
6-6 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 6 Post-Installation Configuration Tasks Configuring ACS to Monitor and Troubleshoot Problems in the Network