16-13
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter16 Managing System Ad ministrators
Configuring Administrator Access Settings
Step1 Choose System Administration > Administrators > Settings > Session.
The GUI Session page appears.
Step2 Enter the Session Idle Timeout value in minutes. Valid values are 5 to 90 minutes.
Step3 Click Submit.
Note The CLI client interface has a default session timeout value of 6 hours. You cannot configure the session
timeout period in the CLI client interface.
Configuring Administrator Access Settings
ACS 5.4 allows you to restrict administrative access to ACS based on the IP address of the remote client.
You can filter IP addresses in any one of the following ways:
Allow All IP Addresses to Connect, page 16-13
Allow Remote Administration from a Select List of IP Addresses, page 16-13
Reject Remote Administration from a Select List of IP Addresses, p age 16-13
Allow All IP Addresses to Connect
You can choose the Allow all IP addresses to connect option to allow all connections; this is the default
option.
Allow Remote Administration from a Select List of IP Addresses
To allow administrators to access ACS remotely:
Step1 Choose System Administration > Administrators > Settings > Access.
The IP Addresses Filtering page appears.
Step2 Click Allow only listed IP addresses to connect radio button.
The IP Range(s) area appears.
Step3 Click Create in the IP Range(s) area.
A new window appears. Enter the IPv4 or IPv6 address of the machine from which you want to allow
remote access to ACS. Enter a subnet mask for an entire IP address range. ACS checks if the address that
is entered is in a format that is supported by IPv4 or IPv6.
Step4 Click OK.
The IP Range(s) area is populated with the IP addresses. Repeat Step 3 to add other IP addresses or
ranges for which you want to provide remote access.
Step5 Click Submit.
Reject Remote Administration from a Select List of IP Addresses
To reject administrators from accessing ACS remotely: