IBM Tivoli and Cisco manual Configuring the administrative interface to Cisco Secure ACS

Configuring the administrative interface to Cisco Secure ACS

By default, not all features and options of the Cisco Secure ACS administrator interface are enabled. The advanced features required by the IBM Integrated Security Solution for Cisco Networks are not used in common Cisco Secure ACS deployments. For our solution some of these features must be activated. They are used by Cisco Secure ACS to communicate enforcement actions to the NAD.

To enable the appearance of the enforcement action interface in the Cisco Secure ACS administrator interface, perform the following steps:

1.Click Interface Configuration on the Cisco Secure ACS main menu.

2.Click Advanced Options (Figure 7-2)at the bottom of the list of options.

Figure 7-2 Interface Configuration main menu

3.This opens the window in Figure 7-3 on page 217. Under Advanced Options, select:

–Group-Level downloadable ACLs

This enables the appearance of the downloadable ACLs option in the Shared Profile Components and Group Setup interfaces. These are used to cause Cisco Secure ACS to send dynamic access control lists to the NAD to be applied on a client undergoing NAC.

216Building a Network Access Control Solution with IBM Tivoli and Cisco Systems