Chapter 10 Managing Access Policies

Configuring Access Service Policies

Table 10-15 Network Access Authorization Policy Page

Option: Description

Status: Rule statuses are:

- Enabled—The rule is active.
- Disabled—ACS does not apply the results of the rule.
- Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit count are written to the log, and the log entry includes an identification that the rule is monitor only. The monitor option is especially useful for watching the results of a new rule.

Name: Name of the rule.

Conditions

Identity Group: Name of the internal identity group against which the rule is matched.

NDG:name: Network device group. The two predefined NDGs are Location and Device Type.

conditions: Conditions that define the scope of the rule. To change the types of conditions that the rule uses, click the Customize button. You must have previously defined the conditions that you want to use.

Results

Authorization Profile: Displays the authorization profile that will be applied when the corresponding rule is matched.

When you enable the Security Group Access feature, you can customize rule results; a rule can determine the access permission of an endpoint, the security group of that endpoint, or both. The columns that appear reflect the customization settings.

Hit Count: The number of times that the rule is matched. Click the Hit Count button to refresh and reset this column.

Default Rule: ACS applies the Default rule when:

- Enabled rules are not matched.
- No other rules are defined.

Click the link to edit the Default Rule. You can edit only the results of the Default Rule; you cannot delete, disable, or duplicate it.

Customize button: Opens the Customize page in which you choose the types of conditions to use in policy rules. A new Conditions column appears in the Policy page for each condition that you add.

When you enable the Security Group Access feature, you can also choose the set of rule results; only session authorization profiles, only security groups, or both.

Caution: If you remove a condition type after defining rules, you will lose any conditions that you configured for that condition type.

Hit Count button: Opens a window that enables you to reset and refresh the Hit Count display in the Policy page. See Displaying Hit Counts, page 10-10.

User Guide for Cisco Secure Access Control System 5.3

10-30

OL-24201-01
