Chapter 2 Migrating from ACS 4.x to ACS 5.3

Functionality Mapping from ACS 4.x to ACS 5.3

In ACS 5.3, you define authorizations, shell profiles, attributes, and other policy elements as independent, reusable objects, and not as part of the user or group definition.

Table 2-1 describes where you configure identities, network resources, and policy elements in ACS 5.3. Use this table to view and modify your migrated data identities. See Chapter 3, “ACS 5.x Policy Model” for an overview of the ACS 5.3 policy model.

Table 2-1 Functionality Mapping from ACS 4.x to ACS 5.3

| To configure... | In ACS 4.x, choose... | In ACS 5.3, choose... | Additional information for 5.3 |
| --- | --- | --- | --- |
| Network device groups | Network Configuration page | Network Resources > Network Device Groups. See Creating, Duplicating, and Editing Network Device Groups, page 7-2. | You can use NDGs as conditions in policy rules. ACS 5.3 does not support NDG shared password. After migration, member devices contain the NDG shared password information. |
| Network devices and AAA clients | Network Configuration page | Network Resources > Network Devices and AAA Clients. See Network Devices and AAA Clients, page 7-5. | RADIUS KeyWrap keys (KEK and MACK) are migrated from ACS 4.x to ACS 5.3. |
| User groups | Group Setup page | Users and Identity Stores > Identity Groups. See Managing Identity Attributes, page 8-7. | You can use identity groups as conditions in policy rules. |
| Internal users | User Setup page | Users and Identity Stores > Internal Identity Stores > Users. See Managing Internal Identity Stores, page 8-4. | ACS 5.3 authenticates internal users against the internal identity store only. Migrated users that used an external database for authentication have a default authentication password that they must change on first access. |
| Internal hosts | Network Access Profiles > Authentication | Users and Identity Stores > Internal Identity Stores > Hosts. See Creating Hosts in Identity Stores, page 8-16. | You can use the internal hosts in identity policies for Host Lookup. |
| Identity attributes (user-defined fields) | Interface Configuration > User Data Configuration | System Administration > Configuration > Dictionaries > Identity > Internal Users. See Managing Dictionaries, page 18-5. | Defined identity attribute fields appear in the User Properties page. You can use them as conditions in access service policies. |

User Guide for Cisco Secure Access Control System 5.3 (OL-24201-01), page 2-5