8-21
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter8 Managing Users and I dentity Stores
Managing Internal Identity Stores
Step8 After successfully creating the policy, try authenticating the user using the created policy. The user will
be authenticated only if the hierarchy defined for the user equals or contained in the AAA clients
hierarchy. You can view the logs to analyze the authentication results.
Related Topics
Configuring and Using HostIsInManagement Hierarchy Attributes, page 8-21.
Configuring and Using HostIsInManagement Hierarchy Attributes
To configure and use HostIsInManagementHierarchy attribute, complete the following steps:
Step1 Create ManagementHierarchy and HostIsInManagementHierarchy attributes for internal hosts. See
Configuring Internal Identity Attributes, page18-11.
Step2 Create the Network Device Groups for the network devices and AAA clients with the required
hierarchies. See Creating, Duplicating, and Editing Network Device Groups, page 7-2.
Step3 Create Network Devices and AAA clients and associate them with a Network Device Group. See
Creating, Duplicating, and Editing Network Devices, page 7-10.
Step4 Create Internal Hosts and configure the ManagementHierarchy attribute. See Creating Internal Users,
page 8-11.
Step5 Choose Access Policies > Access Services > Default Network Access > Authorization.
The Authorization page appears.
Step6 Click Customize, add the Compound Condition to the policy conditions, and click OK.
Step7 Click Create to create a new policy and do the following:
a. Enter an appropriate name for the policy and set the status.
b. In the Conditions section, check the Compound Condition check box.
c. Select Internal hosts from the dictionary drop down list.
d. Select HostIsInManagementHierarchy attribute from the available attribute list.
e. Select Static value and enter True as a condition for the rule to be matched.
f. Click Add to add this compound condition to the policy.
g. Choose the policy result for the rule and click OK.
See Configuring a Session Authorization Policy for Network Access, page 10-30 for more information
on creating a authorization policy for network access.
Step8 After successfully creating the policy, try authenticating the user using the created policy. The user will
be authenticated only if the hierarchy defined for the user equals or contained in the AAA clients
hierarchy. You can view the logs to analyze the authentication results.
Related Topics
Configuring and Using UserIsInManagement Hierarchy Attribute, page 8-20.