Chapter 10 Managing Access Policies

Security Group Access Control Pages

Note: For endpoint admission control, you must define an access service and session authorization policy. See Configuring Network Access Authorization Rule Properties, page 10-31, for information about creating a session authorization policy.

Table 10-28 NDAC Policy Properties Page

Option: Description

General

Name: Name of the rule. If you are duplicating a rule, you must enter a unique name as a minimum configuration; all other fields are optional.

Status: Rule statuses are:

    Enabled—The rule is active.

    Disabled—ACS does not apply the results of the rule.

    Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit count are written to the log, and the log entry includes an identification that the rule is monitor only. The monitor option is especially useful for watching the results of a new rule.

Conditions

conditions: Conditions that you can configure for the rule. The default value for each condition is ANY. To change the value for a condition, check the condition check box, then enter the value.

    If compound expression conditions are available, when you check Compound Expression, an expression builder appears. For more information, see Configuring Compound Conditions, page 10-40.

    To change the list of conditions for the policy, click the Customize button in the NDAC Policy Page, page 10-47.

Results

Security Group: Select the security group to assign to the device when it matches the corresponding conditions.

Related Topics:

Configuring an NDAC Policy, page 4-25

NDAC Policy Page, page 10-47

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01