10-8
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 10 Managing Access Policies
Configuring the Service Selection Policy
Creating, Duplicating, and Editing Service Selection Rules
Create service selection rules to determine which access service processes incoming requests. The
Default Rule provides a default access service in cases where no rules are matched or defined.
When you create rules, remember that the order of the rules is important. When ACS encounters a match
as it processes the request of a client that tries to access the ACS network, all further processing stops
and the result associated with that match is used. No further rules are considered after a match is found.
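The following added example (not part of the Cisco guide and not ACS code) models the first-match behavior described above and flags rules that an earlier rule makes unreachable. It assumes equality-only conditions; the rule names, condition attributes, and service names are constructed samples.

```python
# Added illustration: models first-match rule evaluation; this is not ACS code.
# Rule names, condition attributes and service names are constructed samples.
# Assumption: every condition is a simple equality test on a request attribute.

def select_service(rules, default_service, request):
    """Return (rule_name, access_service) for the first rule whose conditions
    all match the request; fall back to the Default Rule if none match."""
    for rule in rules:  # evaluated top-down, in configured order
        if all(request.get(k) == v for k, v in rule["conditions"].items()):
            return rule["name"], rule["service"]  # processing stops here
    return "Default", default_service

def shadowed_rules(rules):
    """Return (later_rule, earlier_rule) pairs where the earlier rule's
    conditions are a subset of the later rule's conditions, so every request
    the later rule would match is already taken by the earlier one."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier["conditions"].items() <= later["conditions"].items():
                found.append((later["name"], earlier["name"]))
                break
    return found

RULES = [
    {"name": "Rule-1", "conditions": {"Protocol": "Radius"},
     "service": "NetAccess-Svc"},
    {"name": "Rule-2", "conditions": {"Protocol": "Radius", "NDG:Location": "Lab"},
     "service": "LabAccess-Svc"},
    {"name": "Rule-3", "conditions": {"Protocol": "Tacacs"},
     "service": "DeviceAdmin-Svc"},
]
# Same rules with the more specific Rule-2 moved above Rule-1.
REORDERED = [RULES[1], RULES[0], RULES[2]]

if __name__ == "__main__":
    lab_request = {"Protocol": "Radius", "NDG:Location": "Lab"}  # constructed
    print(select_service(RULES, "Fallback-Svc", lab_request))
    print(select_service(REORDERED, "Fallback-Svc", lab_request))
    print(shadowed_rules(RULES))
```

With the original order, the broader Rule-1 captures the lab request and Rule-2 is never reached; placing the more specific rule first removes the shadowing.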
You can duplicate a service selection rule to create a new rule that is the same, or very similar to, an
existing rule. The duplicate rule name is based on the original rule with parentheses to indicate
duplication; for example, Rule-1(1). After duplication is complete, you access each rule (original and
duplicated) separately. You cannot duplicate the Default rule.
You can edit all values of service selection rules; you can edit the specified access service in the Default
rule.
Note: To configure a simple policy to apply the same access service to all requests, see Configuring a Simple
Service Selection Policy, page 10-6.
Before You Begin
• Configure the conditions that you want to use in the service selection policy. See Managing Policy
  Conditions, page 9-1.
  Note: Identity-related attributes are not available as conditions in a service selection policy.
• Create the access services that you want to use in the service selection policy. See Creating,
  Duplicating, and Editing Access Services, page 10-12. You do not need to configure policies in the
  access service before configuring the service selection policy.
• Configure the types of conditions to use in the policy rules. See Customizing a Policy, page 10-4,
  for more information.
To create, duplicate, or edit a service selection policy rule:
Step 1 Select Access Policies > Service Selection Policy. If you:
• Previously created a rule-based policy, the Rule-Based Service Selection Policy page appears with
  a list of configured rules.
• Have not created a rule-based policy, the Simple Service Selection Policy page appears. Click
  Rule-Based.
Step 2 Do one of the following:
• Click Create.
• Check the check box next to the rule that you want to duplicate; then click Duplicate.
• Click the rule name that you want to modify; or, check the check box next to the name and click
  Edit.
The Rule page appears.
Step 3 Enter or modify values:
• User-defined rules—You can edit any value. Ensure that you include at least one condition. If you
  are duplicating a rule, you must change the rule name.