Chapter 9 Managing Policy Elements

Managing Policy Conditions

Creating, Duplicating, and Editing a Custom Session Condition

The protocol and identity dictionaries contain a large number of attributes. To use any of these attributes as a condition in a policy rule, you must first create a custom condition for the attribute. In this way, you define a smaller subset of attributes to use in policy conditions and present a smaller, focused list from which to choose condition types for rule tables.

You can also include protocol and identity attributes within compound conditions. See Configuring Compound Conditions, page 10-40, for more information on compound conditions.

To create a custom condition, you must select a specific protocol (RADIUS or TACACS+) or identity attribute from one of the dictionaries, and name the custom condition. See Configuring Global System Options, page 18-1, for more information on protocol and identity dictionaries.

When you create a custom condition that includes identity or RADIUS attributes, you can also include the definition of the attributes. You can thus easily view any existing custom conditions associated with a particular attribute.

To create, duplicate, or edit a custom session condition:

Step 1 Select Policy Elements > Session Conditions > Custom.

The Custom Conditions page appears.

Step 2 Do one of the following:

  • Click Create.

  • Check the check box next to the condition you want to duplicate and click Duplicate.

  • Click the name that you want to modify; or, check the check box next to the condition that you want to modify and click Edit.

The Custom Condition Properties page appears.

Step 3 Enter valid configuration data in the required fields as shown in Table 9-2:

Table 9-2 Policy Custom Condition Properties Page

Option: Description

General

  Name: Name of the custom condition.

  Description: Description of the custom condition.

Condition

  Dictionary: Choose a specific protocol or identity dictionary from the drop-down list box.

  Attribute: Click Select to display the list of external identity store dictionaries based on the selection you made in the Dictionary field. Select the attribute that you want to associate with the custom condition, then click OK. If you are editing a custom condition that is in use in a policy, you cannot edit the attribute that it references. To add custom conditions to a policy, you must first customize the rule table. See Customizing a Policy, page 10-4.

User Guide for Cisco Secure Access Control System 5.3, OL-24201-01