Cisco Systems OL-24201-01 Security Group Access Control Pages, Egress Policy Matrix, Policy Page

Chapter 10 Managing Access Policies

Security Group Access Control Pages

Related Topics

•Compound Condition Building Blocks, page 10-40

•Types of Compound Conditions, page 10-41

Security Group Access Control Pages

This section contains the following topics:

•Egress Policy Matrix Page, page 10-45

•Editing a Cell in the Egress Policy Matrix, page 10-46

•Defining a Default Policy for Egress Policy Page, page 10-46

•NDAC Policy Page, page 10-47

•NDAC Policy Properties Page, page 10-48

•Network Device Access EAP-FAST Settings Page, page 10-50

Egress Policy Matrix Page

The Egress policy, also known as an SGACL policy, determines which SGACLs to apply at the Egress points of the network, based on the source and destination SGTs. ACS presents the Egress policy as a matrix; it displays all the security groups in the source and destination axes. Each cell in the matrix can contain a set of ACLs to apply to the corresponding source and destination SGTs.

The network devices add the default policy to the specific policies that you defined for the cells. For empty cells, only the default policy applies.

Use the Egress policy matrix to view, define, and edit the sets of ACLs to apply to the corresponding source and destination SGTs.

To display this page, choose Access Policies > Security Group Access Control > Egress Policy.

Table 10-23 Egress Policy Matrix Page

•All—Clears all the rows and columns in the Egress policy matrix.

•Customize View—Launches a window where you can customize source and destination security groups corresponding to the selected cell.