Chapter10 Se tting Up and Managing Administrators and Policy
Session Policy
10-14
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Allow Automatic Local LoginEnables administrators to start an
administrative session without logging in if they are using a browser on the
Cisco Secure ACS server. Local administrative sessions with automatic local
login are recorded in the Administrative Audit report with the administrator
name local_login.
Note If there are no administrator accounts defined, no administrator name
and password is required to access Cisco Secure ACS locally. This
prevents you from accidentally locking yourself out of
Cisco Secure ACS.
Respond to Invalid IP Address ConnectionsEnables an error message in
response to attempts to start a remote administrative session using an IP
address that is invalid according to the IP address ranges configured in
Access Policy. Disabling this option can help prevent unauthorized users
from discovering your Cisco Secure ACS server.
Lock out Administrator after x successive failed attemptsEnables
Cisco Secure ACS to lock out an administrator after the number of successive
failed login attempts specified in the x box. A value of 0 (zero) in the x box
allows unlimited successive administrative login failures. If this check box i s
selected, the x box cannot be set to zero.
Setting Up Session Policy
For information about session policy options, see Session Policy Options
section on page 10-13.
To setup CiscoSecure ACS Session Policy, follow these steps:
Step 1 In the navigation bar, click Administration Control.
Result: Cisco Secure ACS displays the Administration Control pa ge.
Step 2 Click Session Policy.
Result: The Session Policy Setup page appears.
Step 3 To define the number of minutes of inactivity after which Cisco Secure ACS ends
an administrative session, in the Session idle timeout (minutes) box, type the
number of minutes.