Cisco Systems CSACS3415K9 User Manual
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 2 Migrating from ACS 4.x to ACS 5.4
Functionality Mapping from ACS 4.x to ACS 5.4
In ACS 5.4, you define authorizations, shell profiles, attributes, and other policy elements as
independent, reusable objects, and not as part of the user or group definition.
Table 2-1 describes where you configure identities, network resources, and policy elements in ACS 5.4.
Use this table to view and modify your migrated data identities. See
for an overview of the ACS 5.4 policy model.
Table 2-1 Functionality Mapping from ACS 4.x to ACS 5.4

| To configure... | In ACS 4.x, choose... | In ACS 5.4, choose... | Additional information for 5.4 |
|---|---|---|---|
| Network device groups | Network Configuration page | Network Resources > Network Device Groups | See . You can use NDGs as conditions in policy rules. ACS 5.4 does not support NDG shared password. After migration, member devices contain the NDG shared password information. |
| Network devices and AAA clients | Network Configuration page | Network Resources > Network Devices and AAA Clients | See . RADIUS KeyWrap keys (KEK and MACK) are migrated from ACS 4.x to ACS 5.4. |
| User groups | Group Setup page | Users and Identity Stores > Identity Groups | See . You can use identity groups as conditions in policy rules. |
| Internal users | User Setup page | Users and Identity Stores > Internal Identity Stores > Users | See . ACS 5.4 authenticates internal users against the internal identity store only. Migrated users that used an external database for authentication have a default authentication password that they must change on first access. |
| Internal hosts | Network Access Profiles > Authentication | Users and Identity Stores > Internal Identity Stores > Hosts | See . You can use the internal hosts in identity policies for Host Lookup. |
| Identity attributes (user-defined fields) | Interface Configuration > User Data Configuration | System Administration > Configuration > Dictionaries > Identity > Internal Users | See . Defined identity attribute fields appear in the User Properties page. You can use them as conditions in access service policies. |