Chapter 10 Managing Access Policies

Configuring Access Service Policies

Creating Policy Rules

When you create rules, remember that the order of the rules is important. When ACS encounters a match while processing a request from a client that tries to access the ACS network, all further processing stops and the result associated with that match is used. No further rules are considered after a match is found.

The Default Rule provides a default policy in cases where no rules are matched or defined. You can edit the result of a default rule.
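
The first-match behavior and the Default Rule described above, as an added example that is not taken from the ACS documentation or product. It models a rule as a set of attribute conditions and also reports rules that can never be reached because an earlier rule matches everything they match. The attribute names, rule names, and results are constructed for illustration, and the matching model (exact attribute equality) is a simplifying assumption.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    conditions: dict  # attribute -> required value; an absent attribute means "any"
    result: str

def matches(rule, request):
    """A rule matches when every one of its conditions equals the request's value."""
    return all(request.get(attr) == value for attr, value in rule.conditions.items())

def evaluate(rules, default_result, request):
    """Return (rule name, result) for the first matching rule, else the Default Rule."""
    for rule in rules:
        if matches(rule, request):
            return rule.name, rule.result  # processing stops at the first match
    return "Default", default_result

def shadowed_rules(rules):
    """Return (later, earlier) pairs where the later rule can never be reached.

    If every condition of an earlier rule also appears in a later rule, any
    request that matches the later rule has already matched the earlier one.
    """
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.conditions.items() <= later.conditions.items():
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample policy: the broad "Contractors" rule sits above a narrower one.
RULES = [
    Rule("Contractors", {"identity_group": "Contractors"}, "RestrictedAccess"),
    Rule("Admins-HQ", {"identity_group": "Admins", "location": "HQ"}, "FullAccess"),
    Rule("Contractors-Lab", {"identity_group": "Contractors", "location": "Lab"}, "LabAccess"),
]
DEFAULT_RESULT = "DenyAccess"
# Moving the narrower rule above the broader one makes it reachable.
REORDERED = [RULES[2], RULES[0], RULES[1]]

if __name__ == "__main__":
    lab_request = {"identity_group": "Contractors", "location": "Lab"}
    print(evaluate(RULES, DEFAULT_RESULT, lab_request))
    print(evaluate(REORDERED, DEFAULT_RESULT, lab_request))
    print(shadowed_rules(RULES))
```
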

Before You Begin

Configure the policy conditions and results. See Managing Policy Conditions, page 9-1.

Select the types of conditions and results that the policy rules apply. See Customizing a Policy, page 10-4.

To create a new policy rule:

Step 1 Select Access Policies > Service Selection Policy service > policy, where service is the name of the access service, and policy is the type of policy. If you:

Previously created a rule-based policy, the Rule-Based Policy page appears, with a list of configured rules.

Have not created a rule-based policy, the Simple Policy page appears. Click Rule-Based.

Step 2 In the Rule-Based Policy page, click Create.

The Rule page appears.

Step 3 Define the rule.

Step 4 Click OK.

The Policy page appears with the new rule.

Step 5 Click Save Changes to save the new rule.

To configure a simple policy to use the same result for all requests that an access service processes, see:

Viewing Identity Policies, page 10-21

Configuring a Group Mapping Policy, page 10-26

Configuring a Session Authorization Policy for Network Access, page 10-29

Configuring Shell/Command Authorization Policies for Device Administration, page 10-34

Related Topics

Duplicating a Rule, page 10-38

Editing Policy Rules, page 10-38

Deleting Policy Rules, page 10-39

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01