Cisco Acs 5x User Guide
Have a look at the manual Cisco Acs 5x User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
12-33 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 12 Managing Alarms Deleting Alarm Thresholds Related Topics Viewing and Editing Alarms in Your Inbox, page 12-3 Creating, Editing, and Duplicating Alarm Thresholds, page 12-11 Deleting Alarm Thresholds, page 12-33 Deleting Alarm Thresholds To delete an alarm threshold: Step 1Select Monitoring and Reports > Alarms > Thresholds. The Alarms Thresholds page appears. Step 2Check one or more check boxes next to the thresholds you want to delete, and click Delete. Step 3Click OK to confirm that you want to delete the selected alarm(s). The Alarms Thresholds page appears without the deleted threshold. Email Notification Email Notification User ListEnter a comma-separated list of e-mail addresses or ACS administrator names or both. Do one of the following: Enter the e-mail addresses. Click Select to enter valid ACS administrator names. The associated administrator is notified by e-mail only if there is an e-mail identification specified in the administrator configuration. See Creating, Duplicating, Editing, and Deleting Administrator Accounts, page 16-6 for more information. When a threshold alarm occurs, an e-mail is sent to all the recipients in the Email Notification User List. Click Clear to clear this field. Email in HTML FormatCheck this check box to send e-mail notifications in HTML format. Uncheck this check box to send e-mail notifications as plain text. Custom Text Enter custom text messages that you want associated with your alarm threshold. Syslog Notification Send Syslog MessageCheck this check box to send a syslog message for each system alarm that ACS generates. NoteFor ACS to send syslog messages successfully, you must configure Alarm Syslog Targets, which are syslog message destinations. Understanding Alarm Syslog Targets, page 12-35 for more information. Table 12-25 Thresholds: Notifications Page (continued) Option Description
12-34 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 12 Managing Alarms Configuring System Alarm Settings Configuring System Alarm Settings System alarms are used to notify users of: Errors that are encountered by the Monitoring and Reporting services Information on data purging Use this page to enable system alarms and to specify where alarm notifications are sent. When you enable system alarms, they are sent to the Alarms Inbox. In addition, you can choose to send alarm notifications through e-mail to select recipients and as syslog messages to the destinations specified as alarm syslog targets. From the Monitoring & Report Viewer, choose Monitoring Configuration > System Configuration > System Alarm Settings. This section contains the following topics: Creating and Editing Alarm Syslog Targets, page 12-35 Deleting Alarm Syslog Targets, page 12-36 Table 12-26 System Alarm Settings Page Option Description System Alarm Settings Notify System Alarms Check this check box to enable system alarm notification. System Alarms Suppress DuplicatesUse the drop-down list box to designate the number of hours that you want to suppress duplicate system alarms from being sent to the Email Notification User List. Valid options are 1, 2, 4, 6, 8, 12, and 24. Email Notification Email Notification User List Enter a comma-separated list of e-mail addresses or ACS administrator names or both. Do one of the following: Enter the e-mail addresses. Click Select to enter valid ACS administrator names. The associated administrator is notified by e-mail only if there is an e-mail identification specified in the administrator configuration. See Creating, Duplicating, Editing, and Deleting Administrator Accounts, page 16-6 for more information. When a system alarm occurs, an e-mail is sent to all the recipients in the Email Notification User List. Click Clear to clear this field. Email in HTML Format Check this check box to send e-mail notifications in HTML format. Uncheck this check box to send e-mail notifications as plain text. Syslog Notification Send Syslog Message Check this check box to send a syslog message for each system alarm that ACS generates. For ACS to send syslog messages successfully, you must configure Alarm Syslog Targets, which are syslog message destinations. Understanding Alarm Syslog Targets, page 12-35 for more information.
12-35 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 12 Managing Alarms Understanding Alarm Syslog Targets Understanding Alarm Syslog Targets Alarm syslog targets are the destinations where alarm syslog messages are sent. The Monitoring & Report Viewer sends alarm notification in the form of syslog messages. You must configure a machine that runs a syslog server to receive these syslog messages. To view a list of configured alarm syslog targets, choose Monitoring Configuration > System Configuration > Alarm Syslog Targets. NoteYou can configure a maximum of two syslog targets in the Monitoring & Report Viewer. This section contains the following topics: Creating and Editing Alarm Syslog Targets, page 12-35 Deleting Alarm Syslog Targets, page 12-36 Creating and Editing Alarm Syslog Targets To create or edit an alarm syslog target: Step 1Choose Monitoring Configuration > System Configuration > Alarm Syslog Targets. The Alarm Syslog Targets page appears. Step 2Do one of the following: Click Create. Check the check box next to the alarm syslog target that you want to edit, then click Edit. The Alarm Syslog Targets Create or Edit page appears. Step 3Modify the fields described in Table 12-27. Table 12-27 Alarm Syslog Targets Create or Edit Page Option Description Identification Name Name of the alarm syslog target. The name can be 255 characters in length. Description (Optional) A brief description of the alarm that you want to create. The description can be up to 255 characters in length. Configuration IP Address IP address of the machine that receives the syslog message. This machine must have the syslog server running on it. We recommend that you use a Windows or a Linux machine to receive syslog messages.
12-36 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 12 Managing Alarms Understanding Alarm Syslog Targets Step 4Click Submit. Related Topics Understanding Alarm Syslog Targets, page 12-35 Deleting Alarm Syslog Targets, page 12-36 Deleting Alarm Syslog Targets NoteYou cannot delete the default nonstop schedule. To delete an alarm syslog target: Step 1Choose Monitoring Configuration > System Configuration > Alarm Syslog Targets. The Alarm Syslog Targets page appears. Step 2Check the check box next to the alarm syslog target that you want to delete, then click Delete. The following message appears: Do you want to delete the selected item(s)? Step 3Click Ye s. The Alarm Syslog Targets page appears without the deleted alarm syslog targets. Use Advanced Syslog Options Port Port in which the remote syslog server listens. By default, it is set to 514. Valid options are from 1 to 65535. Facility Code Syslog facility code to be used for logging. Valid options are Local0 through Local7. Table 12-27 Alarm Syslog Targets Create or Edit Page Option Description
CH A P T E R 13-1 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 13 Managing Reports The Monitoring & Report Viewer component of ACS collects log and configuration data from various ACS servers in your deployment, aggregates it, and provides interactive reports that help you analyze the data. The Monitoring & Report Viewer provides you integrated monitoring, reporting, and troubleshooting capabilities to efficiently manage your network and troubleshoot network-related problems. The Monitoring & Report Viewer offers you a powerful dashboard that you can use to monitor the health of all ACS servers in your deployment. The dashboard also provides information on network access patterns and trends in traffic that you can use to administer your network efficiently. The Monitoring & Report Viewer provides you real-time data and vital statistics that help you proactively manage your network and prevent any attacks. ACS comes with a set of predefined reports that you can run to obtain meaningful information from the log and configuration data obtained from ACS servers. Table 13-2 lists the reports that are available in ACS under various categories. These reports provide information related to authentication, session traffic, device administration, ACS server configuration and administration, and troubleshooting. You can view these reports as tables, graphs, or charts and drill down further for more granular data. Further, ACS allows you to: Filter the data in your report based on your requirements Export the report in a CSV format and print it Add the report to your list of favorites, from which you can access them frequently Share the report with other users Customize reports using the Interactive Viewer The Monitoring and Reports drawer appears in the primary web interface window and contains the Launch Monitoring & Report Viewer option. Click Launch Monitoring & Report Viewer to open the Monitoring and Reports Viewer in a secondary web interface window, which contains the following drawers: Monitoring and Reports Monitoring Configuration. (See Managing System Operations and Configuration in the Monitoring & Report Viewer, page 15-1.) You can run reports from any of the following pages: Favorites—Monitoring & Reports > Reports > Favorites Shared—Monitoring & Reports > Reports > Shared
13-2 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Catalog—Monitoring & Reports > Reports > Catalog > For easy access, you can add reports to your Favorites page, from which you can customize and delete reports. You can customize the reports that must be shared within your group and add them to the Shared page. The Catalog pages provide a rich set of reports on log, diagnostic, and troubleshooting data retrieved from the ACS servers in your deployment. The reports that reside in these pages can be: System reports—Preconfigured with the ACS software; you can view the list of system reports in the Reports > Catalog pages. Customized reports—System reports that you have configured and saved (see Customizing Reports, page 13-20). NotePerformance of reports in Internet Explorer (IE) 7.0 is slow because of a phishing filter, which is a new feature in IE 7.0. To resolve this issue, you must get the latest security updates from Microsoft. For more information on this, go to http://support.microsoft.com/kb/928089/. In addition, ACS 5.3 introduces the Dynamic Change of Authorization (CoA) feature through a new report, the RADIUS Active Sessions report, which allows you to dynamically control active RADIUS sessions. With this feature, you can send a reauthenticate or disconnect request to a NAD to: Troubleshoot issues related to authentication—You can use the Disconnect:None option to follow up with an attempt to reauthenticate again. You must not use the disconnect option to restrict access. To restrict access, use the shutdown option. Block a problematic host—You can use the Disconnect:Port Disable option to block an infected host that sends a lot of traffic over the network. The RADIUS protocol currently does not support a method for re-enabling a port that is shut down. Force endpoints to reacquire IP addresses—You can use the Disconnect:Port Bounce option for endpoints that do not have a supplicant or client to generate a DHCP request after VLAN change. Push an updated authorization policy to an endpoint—You can use the Re-Auth option to enforce an updated policy configuration, such as a change in the authorization policy on existing sessions based on the administrator’s discretion. For example, if posture validation is enabled, when an endpoint gains access initially, it is usually quarantined. After the endpoint’s identity and posture are known, it is possible to send the CoA Re-Auth command to the endpoint for the endpoint to acquire the actual authorization policy based on its posture. Legacy NAS devices do not support the CoA feature. Cisco plans to support CoA in all its devices as part of the NPF program. NoteFor the CoA commands to be understood correctly by the device, it is important that you configure the options appropriately. For the CoA feature to work properly, you must configure in ACS the shared secret of each and every device for which you want to dynamically change the authorization. ACS uses the shared secret configuration, both for requesting access from the device and for issuing CoA commands to it. See Changing Authorization and Disconnecting Active RADIUS Sessions, page 13-18 for more information.
13-3 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Favorite Reports This chapter describes in detail the following: Working with Favorite Reports, page 13-3 Sharing Reports, page 13-6 Working with Catalog Reports, page 13-7 Viewing Reports, page 13-21 Formatting Reports in Interactive Viewer, page 13-27 Organizing Report Data, page 13-41 Hiding and Filtering Report Data, page 13-66 Understanding Charts, page 13-75 Working with Favorite Reports You can add reports that you most frequently use to your Favorites page so that you do not have to navigate each time to get to your favorite report. The Monitoring & Report Viewer allows you to: View the parameters that are set for each of your favorite reports Edit the parameters before you run the reports For example, after you add a report to your list of favorites, the next time you want to view the same report with a different set of parameters, you need not create another report. Instead, you can simply edit the parameters in your favorite report to generate the report with different parameters. This section contains the following topics: Adding Reports to Your Favorites Page, page 13-3 Viewing Favorite-Report Parameters, page 13-4 Editing Favorite Reports, page 13-5 Running Favorite Reports, page 13-5 Deleting Reports from Favorites, page 13-6 Adding Reports to Your Favorites Page You can create a list of favorites for reports that you access often, similarly to the way you bookmark your favorite websites in a browser. To add a report to your Favorites page: Step 1Select Monitoring & Reports > Reports > Catalog > report_type >, where report_type is the type of report. The available reports for the report type you selected are displayed. Step 2Click the radio button next to the report you want to add to your favorites. See Table 13-5 for valid field options. Step 3Click Add to Favorites. The Add to Favorite page appears. Step 4Modify fields in the Add to Favorites page as required.
13-4 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Favorite Reports Step 5Click Add to Favorite. The report is added to your Favorites page. Related Topics Working with Favorite Reports, page 13-3 Viewing Favorite-Report Parameters, page 13-4 Editing Favorite Reports, page 13-5 Deleting Reports from Favorites, page 13-6 Understanding the Report_Name Page, page 13-15 Viewing Favorite-Report Parameters Before you run your favorite report, you can view the parameters that are set and edit them. To view your favorite-report parameters: Step 1Choose Monitoring and Reports > Reports > Favorites. The Favorites page appears with a list of your favorite reports. Step 2Check the check box next to the favorite report whose parameters you want to see, then click Parameters. A window similar to the one shown in Figure 13-1 appears, listing the parameters in your favorite report and their values. Figure 13-1 Viewing Favorite-Report Parameters Step 3 Click Cancel or the Close button at the upper-right corner of the parameters window to return to the Favorites page.
13-5 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Working with Favorite Reports Editing Favorite Reports After you view the existing parameters in your favorite report, you can edit them. To edit the parameters in your favorite reports: Step 1Choose Monitoring and Reports > Reports > Favorites. The Favorites page appears with a list of your favorite reports. Step 2Check the check box next to the favorite report that you want to edit, then click Edit. The Edit Favorite Report page appears. Step 3Edit the values for the various parameters in the Edit Favorite Report page. Step 4Click: Edit Favorite to save the changes that you have made. Reset to reset the values. Cancel to cancel the changes that you have made and return to the Favorites page. When a favorite report is edited, the Monitoring & Report Viewer displays a status message in the Favorite page, stating that the favorite report has been edited successfully. Related Topics Adding Reports to Your Favorites Page, page 13-3 Viewing Favorite-Report Parameters, page 13-4 Running Favorite Reports, page 13-5 Understanding the Report_Name Page, page 13-15 Running Favorite Reports To run a report in your Favorites page: Step 1Select Monitoring & Reports > Reports > Favorites. The Favorites page appears with the fields described in Table 13-1: Step 2Do one of the following: Click the check box next to the report name that you want to run and click Run. Click the name of the report that you want to run. Table 13-1 Favorites Page Option Description Favorite Name Name of the favorites report. Click to open a summary of an associated report. Report Name Report name associated with a Catalog (Report) type. Report Type General grouping name associated with the report.
13-6 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 13 Managing Reports Sharing Reports The report is generated in the page. Step 3Click Launch Interactive Viewer for more options. Related Topics Adding Reports to Your Favorites Page, page 13-3 Viewing Favorite-Report Parameters, page 13-4 Running Favorite Reports, page 13-5 Understanding the Report_Name Page, page 13-15 Deleting Reports from Favorites NoteWhen you delete a system report from the Favorites page, the system report remains in the appropriate Reports > Catalog page. To delete a report from the Favorites page: Step 1Select Monitoring & Reports > Reports > Favorites. Step 2Check one or more check boxes next to the reports you want to delete, and click Delete. Step 3Click OK to confirm that you want to delete the selected reports. The Favorites page appears without the deleted reports. Sharing Reports You can add reports to the Shared folder to make them available for all users. To add reports to the Shared folder: Step 1Choose any report that you want to share. For example, if you want to share the ACS Health Summary report, you would choose Monitoring and Reports > Reports > Catalog > ACS Instance. The ACS Instance reports page appears. Step 2Run the report. See Running Catalog Reports, page 13-11 for more information. In this example, the ACS Health Summary report appears. Step 3Launch the report in the Interactive Viewer. Step 4Click the Save icon at the upper-left corner of the Interactive Viewer page. The Save window appears. Step 5Choose the Shared folder from the Choose a Folder list box. Step 6Enter a filename of your choice.