
Cisco Acs 5x User Guide

Here you can view all the pages of manual Cisco Acs 5x User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

Page 41

2-9
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 2      Migrating from ACS 4.x to ACS 5.3
  Common Scenarios in Migration
Step 3  Perform bulk import of data into ACS 5.3.
For more information on performing bulk import of ACS objects, see http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/sdk/cli_imp_exp.html#wp1056244.
The data from your other AAA servers is now available in ACS 5.3.

Page 42


Page 43

Chapter 3: ACS 5.x Policy Model
ACS 5.x is a policy-based access control system. The term policy model in ACS 5.x refers to the 
presentation of policy elements, objects, and rules to the policy administrator. ACS 5.x uses a rule-based 
policy model instead of the group-based model used in the 4.x versions.
This section contains the following topics:
Overview of the ACS 5.x Policy Model, page 3-1
Access Services, page 3-6
Service...

Page 44

Chapter 3      ACS 5.x Policy Model
  Overview of the ACS 5.x Policy Model
For example, we use the information described for the group-based model:
If identity-condition, restriction-condition then authorization-profile
In ACS 5.3, you define conditions and results as global, shared objects. You define them once and then 
reference them when you create rules. ACS 5.3 uses the term policy elements for these shared objects, 
and they are...

Page 45

Policy Terminology
Table 3-2 describes the rule-based policy terminology.
Table 3-2  Rule-Based Policy Terminology
Term Description
Access service Sequential set of policies used to process access requests. ACS 5.x allows you to define multiple 
access services to support multiple, independent, and isolated sets of policies on a single ACS 
system. 
There...

Page 46

Simple Policies
You can configure all of your ACS policies as rule-based policies. However, in some cases, you can 
choose to configure a simple policy, which selects a single result to apply to all requests without 
conditions. 
For example, you can define a rule-based authentication policy with a set of rules for different 
conditions; or, if you want to use...

Page 47

Types of Policies
Table 3-3 describes the types of policies that you can configure in ACS. 
The policies are listed in the order of their evaluation; any attributes that a policy retrieves can be used 
in any policy listed subsequently. The only exception is the Identity group mapping policy, which uses 
only attributes from identity stores.
Table 3-3...

Page 48

Access Services
Access services are fundamental constructs in ACS 5.x that allow you to configure access policies for 
users and devices that connect to the network and for network administrators who administer network 
devices. 
In ACS 5.x, authentication and authorization requests are processed by access services. An access 
service consists of the following elements:
Identity...

Page 49

Table 3-5 describes an example of a set of access services.
Table 3-6 describes a service selection policy.
If ACS 5.3 receives a TACACS+ access request, it applies Access Service A, which authenticates the 
request according to Identity Policy A. It then applies authorizations and permissions according to the 
shell/command authorization policy. This service handles all...

Page 50

ACS accepts the results of the requests and returns them to the NAS. You must configure the external 
RADIUS and TACACS+ servers in ACS for ACS to forward requests to them. You can define the timeout 
period and the number of connection attempts.
The ACS proxy remote target is a list of remote RADIUS and TACACS+ servers that contain the 
following parameters:
IP
Authentication port...