Home > Cisco > Control System > Cisco Acs 5x User Guide

Cisco Acs 5x User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Acs 5x User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 311

    Page 311 10-47 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Security Group Access Control Pages NDAC Policy Page The Network Device Admission Control (NDAC) policy determines the SGT for network devices in a Security Group Access environment. The NDAC policy handles: Peer authorization requests from one device about its neighbor. Environment requests (a device is collecting information about itself). The policy returns the same SGT for a specific... 
    10-47
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Security Group Access Control Pages
NDAC Policy Page
The Network Device Admission Control (NDAC) policy determines the SGT for network devices in a 
Security Group Access environment. The NDAC policy handles:
Peer authorization requests from one device about its neighbor.
Environment requests (a device is collecting information about itself).
The policy returns the same SGT for a specific...

    Page 312

    Page 312 10-48 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Security Group Access Control Pages Related Topics: Configuring an NDAC Policy, page 4-25 NDAC Policy Properties Page, page 10-48 NDAC Policy Properties Page Use this page to create, duplicate, and edit rules to determine the SGT for a device. To display this page, choose Access Policies > Security Group Access Control > Network Device Access > Authentication Policy, then click Create,... 
    10-48
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Security Group Access Control Pages
Related Topics:
Configuring an NDAC Policy, page 4-25
NDAC Policy Properties Page, page 10-48
NDAC Policy Properties Page
Use this page to create, duplicate, and edit rules to determine the SGT for a device. 
To display this page, choose Access Policies > Security Group Access Control > Network Device 
Access > Authentication Policy, then click Create,...

    Page 313

    Page 313 10-49 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Security Group Access Control Pages NoteFor endpoint admission control, you must define an access service and session authorization policy. See Configuring Network Access Authorization Rule Properties, page 10-31 for information about creating a session authorization policy. Related Topics: Configuring an NDAC Policy, page 4-25 NDAC Policy Page, page 10-47 Table 10-28 NDAC Policy... 
    10-49
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Security Group Access Control Pages
NoteFor endpoint admission control, you must define an access service and session authorization policy. See 
Configuring Network Access Authorization Rule Properties, page 10-31 for information about creating 
a session authorization policy.
Related Topics:
Configuring an NDAC Policy, page 4-25
NDAC Policy Page, page 10-47
Table 10-28 NDAC Policy...

    Page 314

    Page 314 10-50 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Maximum User Sessions Network Device Access EAP-FAST Settings Page Use this page to configure parameters for the EAP-FAST protocol that the NDAC policy uses. To display this page, choose Access Policies > Security Group Access Control > Network Device Access. Related Topics: Configuring an NDAC Policy, page 4-25 Configuring EAP-FAST Settings for Security Group Access, page 4-26 NDAC Policy... 
    10-50
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Maximum User Sessions
Network Device Access EAP-FAST Settings Page
Use this page to configure parameters for the EAP-FAST protocol that the NDAC policy uses.
To display this page, choose Access Policies > Security Group Access Control > Network Device 
Access.
Related Topics:
Configuring an NDAC Policy, page 4-25
Configuring EAP-FAST Settings for Security Group Access, page 4-26
NDAC Policy...

    Page 315

    Page 315 10-51 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Maximum User Sessions Max Session User Settings You can configure maximum user session to impose maximum session value for each users. To configure maximum user sessions: Step 1Choose Access Policies > Max User Session Policy > Max Session User Settings. Step 2Specify a Max User Session Value, for the maximum number of concurrent sessions permitted. Step 3Check the Unlimited Sessions... 
    10-51
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Maximum User Sessions
Max Session User Settings
You can configure maximum user session to impose maximum session value for each users.
To configure maximum user sessions:
Step 1Choose Access Policies > Max User Session Policy > Max Session User Settings.
Step 2Specify a Max User Session Value, for the maximum number of concurrent sessions permitted.
Step 3Check the Unlimited Sessions...

    Page 316

    Page 316 10-52 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Maximum User Sessions Unlimited is selected by default. Group level session is applied based on the hierarchy. For example: The group hierarchy is America:US:West:CA and the maximum sessions are as follows: America: 100 max sessions US: 80 max sessions West: 75 max sessions CA: 50 max sessions If the user belongs to America/US/West, ACS will check that the number of session does not exceed... 
    10-52
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Maximum User Sessions
Unlimited is selected by default. Group level session is applied based on the hierarchy. For example:
The group hierarchy is America:US:West:CA and the maximum sessions are as follows:
America: 100 max sessions
US: 80 max sessions
West: 75 max sessions
CA: 50 max sessions
If the user belongs to America/US/West, ACS will check that the number of session does not exceed...

    Page 317

    Page 317 10-53 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Maximum User Sessions Related topics Maximum User Sessions, page 10-50 Max Session User Settings, page 10-51 Max Session Group Settings, page 10-51 Purging User Sessions, page 10-53 Maximum User Session in Distributed Environment, page 10-54 Maximum User Session in Proxy Scenario, page 10-55 Purging User Sessions You can use the Purge option only when users are listed as Logged-in but... 
    10-53
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Maximum User Sessions
Related topics
Maximum User Sessions, page 10-50
Max Session User Settings, page 10-51
Max Session Group Settings, page 10-51
Purging User Sessions, page 10-53
Maximum User Session in Distributed Environment, page 10-54
Maximum User Session in Proxy Scenario, page 10-55
Purging User Sessions
You can use the Purge option only when users are listed as Logged-in but...

    Page 318

    Page 318 10-54 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Maximum User Sessions The Purge User Session page appears with a list of all AAA clients. Step 2Select the AAA client for which you want to purge the user sessions. Step 3Click Get Logged-in User List. A list of all the logged in users is displayed. Step 4Click Purge All Sessions to purge all the user session logged in to the particular AAA client. Related topics Maximum User Sessions, page... 
    10-54
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Maximum User Sessions
The Purge User Session page appears with a list of all AAA clients.
Step 2Select the AAA client for which you want to purge the user sessions.
Step 3Click Get Logged-in User List.
A list of all the logged in users is displayed.
Step 4Click Purge All Sessions to purge all the user session logged in to the particular AAA client.
Related topics
Maximum User Sessions, page...

    Page 319

    Page 319 10-55 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Maximum User Sessions Maximum User Session in Proxy Scenario Authentication and accounting requests should be sent to the same ACS server, else the Maximum Session feature will not work as desired. Related topics Maximum User Sessions, page 10-50 Max Session User Settings, page 10-51 Max Session Group Settings, page 10-51 Max Session Global Setting, page 10-52 Purging User Sessions, page... 
    10-55
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Maximum User Sessions
Maximum User Session in Proxy Scenario
Authentication and accounting requests should be sent to the same ACS server, else the Maximum 
Session feature will not work as desired.
Related topics
Maximum User Sessions, page 10-50
Max Session User Settings, page 10-51
Max Session Group Settings, page 10-51
Max Session Global Setting, page 10-52
Purging User Sessions, page...

    Page 320

    Page 320 10-56 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 10 Managing Access Policies Maximum User Sessions 
    10-56
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10      Managing Access Policies
  Maximum User Sessions
    Start reading Cisco Acs 5x User Guide

    Related Manuals for Cisco Acs 5x User Guide

    All Cisco manuals