Cisco Acs 5x User Guide

Page 1

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
User Guide for Cisco Secure Access Control System 5.3
September 2016
Text Part Number: OL-24201-01 

Page 2

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL 
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT 
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT 
SHIPPED WITH THE PRODUCT AND ARE...

Page 3

User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
CONTENTS
Preface
Audience
Document Conventions
Documentation Updates
Related Documentation
Obtaining Documentation and Submitting a Service Request
CHAPTER 1 Introducing ACS 5.3
Overview of ACS
ACS Distributed Deployment
ACS 4.x and 5.3 Replication
ACS Licensing Model
ACS Management Interfaces
ACS Web-based Interface
ACS Command Line Interface
ACS Programmatic Interfaces
Hardware...

Page 4

Policy Terminology
Simple Policies
Rule-Based Policies
Types of Policies
Access Services
Identity Policy
Group Mapping Policy
Authorization Policy for Device Administration
Processing Rules with Multiple Command Sets
Exception Authorization Policy Rules
Service Selection Policy
Simple Service Selection
Rules-Based Service Selection
Access Services and Service Selection...

Page 5

Agentless Network Access
Overview of Agentless Network Access
Host Lookup
Authentication with Call Check
Process Service-Type Call Check
PAP/EAP-MD5 Authentication
Agentless Network Access Flow
Adding a Host to an Internal Identity Store
Configuring an LDAP External Identity Store for Host Lookup
Configuring an Identity Group for Host Lookup Network Access Requests
Creating an Access...

Page 6

My Account Page
Using the Web Interface
Accessing the Web Interface
Logging In
Logging Out
Understanding the Web Interface
Web Interface Design
Navigation Pane
Content Area
Importing and Exporting ACS Objects through the Web Interface
Supported ACS Objects
Creating Import Files
Downloading the Template from the Web Interface
Understanding the CSV Templates
Creating the Import...

Page 7

Exporting Network Devices and AAA Clients
Performing Bulk Operations for Network Resources and Users
Exporting Network Resources and Users
Creating, Duplicating, and Editing Network Devices
Configuring Network Device and AAA Clients
Displaying Network Device Properties
Deleting Network Devices
Configuring a Default Network Device
Working with External Proxy Servers
Creating, Duplicating, and...

Page 8

Authentication Using LDAP
Multiple LDAP Instances
Failover
LDAP Connection Management
Authenticating a User Using a Bind Connection
Group Membership Information Retrieval
Attributes Retrieval
Certificate Retrieval
Creating External LDAP Identity Stores
Configuring an External LDAP Server Connection
Configuring External LDAP Directory Organization
Deleting External LDAP Identity...

Page 9

Groups and Attributes Mapping
RADIUS Identity Store in Identity Sequence
Authentication Failure Messages
Username Special Format with Safeword Server
User Attribute Cache
Creating, Duplicating, and Editing RADIUS Identity Servers
Configuring CA Certificates
Adding a Certificate Authority
Editing a Certificate Authority and Configuring Certificate Revocation Lists
Deleting a Certificate...

Page 10

Deleting an Authorizations and Permissions Policy Element
Configuring Security Group Access Control Lists
CHAPTER 10 Managing Access Policies
Policy Creation Flow
Network Definition and Policy Goals
Policy Elements in the Policy Creation Flow
Access Service Policy Creation
Service Selection Policy Creation
Customizing a Policy
Configuring the Service Selection Policy
Configuring a Simple...