Chapter 10 Managing Access Policies

Configuring the Service Selection Policy

Table 10-2

Rule-based Service Selection Policy Page

 

 

Option

Description

 

 

Policy type

Defines the type of policy to configure:

 

Select one result—Results apply to all requests.

 

Rule-based result selection—Configuration rules apply different results depending on the

 

request.

 

 

Status

Current status of the rule that drives service selection. The rule statuses are:

Enabled—The rule is active.

Disabled—ACS does not apply the results of the rule.

Monitor Only—The rule is active, but ACS does not apply the results of the rule. Results such as hit count are written to the log, and the log entry includes an identification that the rule is monitor only. The monitor option is especially useful for watching the results of a new rule.

Name

Rule name.

 

 

 

 

Conditions

Conditions that determine the scope of the service. This column displays all current conditions in

 

 

subcolumns.

 

 

You cannot use identity-based conditions in a service selection rule.

 

 

 

 

Results

Service that runs as a result of the evaluation of the rule.

 

 

 

 

Hit Count

Number of times that the rule is matched. Click Hit Count to refresh and reset this column.

 

 

 

 

Default Rule

ACS applies the Default rule when:

 

 

 

Enabled rules are not matched.

 

 

 

No other rules are defined.

 

 

Click the link to edit the Default Rule. You can edit only the results of the Default Rule; you

 

 

cannot delete, disable, or duplicate it.

 

 

 

 

Customize button

Opens the Customize page in which you choose the types of conditions to use in policy rules. A

 

 

new Conditions column appears in the Policy page for each condition that you add.

 

 

 

 

 

 

 

 

Caution If you remove a condition type after defining rules, you will lose any conditions that

 

 

 

 

 

you configured for that condition type.

 

 

 

 

 

 

 

 

Hit Count button

Opens a window that enables you to reset and refresh the Hit Count display in the Policy page.

 

 

See Displaying Hit Counts, page 10-10.

 

To configure a rule-based service selection policy, see these topics:

Creating, Duplicating, and Editing Service Selection Rules, page 10-8

Deleting Service Selection Rules, page 10-10

After you configure your service selection policy, you can continue to configure your access service policies. See Configuring Access Service Policies, page 10-21.

 

 

User Guide for Cisco Secure Access Control System 5.3

 

 

 

 

 

 

OL-24201-01

 

 

10-7

 

 

 

 

 

Page 271
Image 271
Cisco Systems OL-24201-01 manual See Displaying Hit Counts, 10-7