Chapter 10 Managing Access Policies

Configuring Access Service Policies

Configuring Network Access Authorization Rule Properties

Use this page to create, duplicate, and edit the rules to determine access permissions in a network access service.

Step 1 Select Access Policies > Access Services > <service> > Authorization, and click Create, Edit, or Duplicate.

Step 2 Complete the fields as described in Table 10-16:

Table 10-16 Network Access Authorization Rule Properties Page

Option: Description

General

Name: Name of the rule. If you are duplicating a rule, you must enter a unique name as a minimum configuration; all other fields are optional.

Status: Rule statuses are:

    Enabled—The rule is active.

    Disabled—ACS does not apply the results of the rule.

    Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit count are written to the log, and the log entry includes an identification that the rule is monitor only. The monitor option is especially useful for watching the results of a new rule.

Conditions

conditions: Conditions that you can configure for the rule. By default the compound condition appears. You can change the conditions that appear by using the Customize button in the Policy page.

    The default value for each condition is ANY. To change the value for a condition, check the condition check box, then specify the value.

    If you check Compound Condition, an expression builder appears in the conditions frame. For more information, see Configuring Compound Conditions, page 10-40.

Results

Authorization Profiles: List of available and selected profiles. You can choose multiple authorization profiles to apply to a request. See Processing Rules with Multiple Authorization Profiles, page 3-17 for information about the importance of authorization profile order when resolving conflicts.

Security Group: (Security Group Access only) The security group to apply.

    When you enable Security Group Access, you can customize the results options to display only session authorization profiles, only security groups, or both.
User Guide for Cisco Secure Access Control System 5.3, OL-24201-01, page 10-31

 

 

 

 

 
