User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 2 Migrating from ACS 4.x to ACS 5.4
Functionality Mapping from ACS 4.x to ACS 5.4
In ACS 5.4, you define authorizations, shell profiles, attributes, and other policy elements as
independent, reusable objects, and not as part of the user or group definition.
Table 2-1 describes where you configure identities, network resources, and policy elements in ACS 5.4.
Use this table to view and modify your migrated data identities. See Chapter 3, “ACS 5.x Policy Model”
for an overview of the ACS 5.4 policy model.
Table 2-1 Functionality Mapping from ACS 4.x to ACS 5.4

| To configure... | In ACS 4.x, choose... | In ACS 5.4, choose... | Additional information for 5.4 |
|---|---|---|---|
| Network device groups | Network Configuration page | Network Resources > Network Device Groups | See Creating, Duplicating, and Editing Network Device Groups, page 7-2. You can use NDGs as conditions in policy rules. ACS 5.4 does not support NDG shared password. After migration, member devices contain the NDG shared password information. |
| Network devices and AAA clients | Network Configuration page | Network Resources > Network Devices and AAA Clients | See Network Devices and AAA Clients, page 7-5. RADIUS KeyWrap keys (KEK and MACK) are migrated from ACS 4.x to ACS 5.4. |
| User groups | Group Setup page | Users and Identity Stores > Identity Groups | See Managing Identity Attributes, page 8-7. You can use identity groups as conditions in policy rules. |
| Internal users | User Setup page | Users and Identity Stores > Internal Identity Stores > Users | See Managing Internal Identity Stores, page 8-4. ACS 5.4 authenticates internal users against the internal identity store only. Migrated users that used an external database for authentication have a default authentication password that they must change on first access. |
| Internal hosts | Network Access Profiles > Authentication | Users and Identity Stores > Internal Identity Stores > Hosts | See Creating Hosts in Identity Stores, page 8-16. You can use the internal hosts in identity policies for Host Lookup. |
| Identity attributes (user-defined fields) | Interface Configuration > User Data Configuration | System Administration > Configuration > Dictionaries > Identity > Internal Users | See Managing Dictionaries, page 18-5. Defined identity attribute fields appear in the User Properties page. You can use them as conditions in access service policies. |