Cisco Systems OL-24201-01 specification

Chapter 2 Migrating from ACS 4.x to ACS 5.3

Functionality Mapping from ACS 4.x to ACS 5.3

In ACS 5.3, you define authorizations, shell profiles, attributes, and other policy elements as independent, reusable objects, and not as part of the user or group definition.

Table 2-1describes where you configure identities, network resources, and policy elements in ACS 5.3. Use this table to view and modify your migrated data identities. See Chapter 3, “ACS 5.x Policy Model” for an overview of the ACS 5.3 policy model.

Table 2-1	Functionality Mapping from ACS 4.x to ACS 5.3

To configure...		In ACS 4.x, choose...	In ACS 5.3, choose...	Additional information for 5.3

Network device groups		Network	Network Resources > Network	You can use NDGs as conditions
		Configuration page	Device Groups	in policy rules.
			See Creating, Duplicating, and	ACS 5.3 does not support NDG
			Editing Network Device Groups,	shared password. After
			page 7-2.	migration, member devices
				contain the NDG shared
				password information.

Network devices and AAA		Network	Network Resources > Network	RADIUS KeyWrap keys (KEK
clients		Configuration page	Devices and AAA Clients	and MACK) are migrated from
			See Network Devices and AAA	ACS 4.x to ACS 5.3.
			See Network Devices and AAA
			Clients, page 7-5.

User groups		Group Setup page	Users and Identity Stores >	You can use identity groups as
			Identity Groups	conditions in policy rules.
			See Managing Identity
			Attributes, page 8-7.

Internal users		User Setup page	Users and Identity Stores >	ACS 5.3 authenticates internal
			Internal Identity Stores > Users	users against the internal identity
			See Managing Internal Identity	store only.
			See Managing Internal Identity
			Stores, page 8-4.	Migrated users that used an
				external database for
				authentication have a default
				authentication password that
				they must change on first access.

Internal hosts		Network Access	Users and Identity Stores >	You can use the internal hosts in
		Profiles >	Internal Identity Stores > Hosts	identity policies for Host
		Authentication	See Creating Hosts in Identity	Lookup.
			See Creating Hosts in Identity
			Stores, page 8-16.

Identity attributes		Interface	System Administration >	Defined identity attribute fields
(user-defined fields)		Configuration > User	Configuration > Dictionaries >	appear in the User Properties
		Data Configuration	Identity > Internal Users	page. You can use them as
			See Managing Dictionaries,	conditions in access service
			See Managing Dictionaries,	policies.
			page 18-5.	policies.
			page 18-5.

User Guide for Cisco Secure Access Control System 5.3

	OL-24201-01	2-5

Cisco Systems OL-24201-01 manual Functionality Mapping from ACS 4.x to ACS

Models: OL-24201-01

Functionality Mapping from ACS 4.x to ACS 5.3

Editing Network Device Groups,

Clients, page 7-5.

See Managing Identity

Attributes, page 8-7.

Stores, page 8-4.

See Managing Dictionaries,

policies.