Cisco Systems CSACS3415K9 Manual De Usuario
10-14
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 10 Managing Access Policies
Configuring Access Services
Description
Description of the access service.
Access Service Policy Structure
Based on service template Creates an access service containing policies based on a predefined template. This option is
available only for service creation.
Based on existing service
Creates an access service containing policies based on an existing access service. The new access
service does not include the existing service’s policy rules. This option is available only for
service creation.To replicate a service, including its policy rules, duplicate an existing access
service.
service does not include the existing service’s policy rules. This option is available only for
service creation.To replicate a service, including its policy rules, duplicate an existing access
service.
User selected service type Provides you the option to select the access service type. The available options are Network
Access, Device Administration, and External Proxy. The list of policies you can configure
depends on your choice of access service type.
depends on your choice of access service type.
User Selected Service Type—Network Access and Device Administration
Policy Structure
Identity
Check to include an identity policy in the access service to define the identity store or stores that
ACS uses for authentication and attribute retrieval.
ACS uses for authentication and attribute retrieval.
Group Mapping
Check to include a group mapping policy in the access service to map groups and attributes that
are retrieved from external identity stores to ACS identity groups.
are retrieved from external identity stores to ACS identity groups.
Authorization
Check to include an authorization policy in the access service to apply:
•
Authorization profiles for network access services.
•
Shell profiles and command sets for device administration services.
User Selected Service Type—External Proxy
External Proxy Servers—Select the set of external servers to be used for proxies. You can also determine the order in which these servers
are used.
are used.
Available External Proxy
Servers
Servers
List of available external RADIUS and TACACS+ servers. Select the external servers to be used
for proxy and move them to the Selected External Proxy Servers list.
for proxy and move them to the Selected External Proxy Servers list.
Selected External Proxy
Servers
Servers
List of selected external proxy servers.
Advanced Options
Accounting
Remote Accounting
Check to enable remote accounting.
Local Accounting
Check to enable local accounting.
Username Prefix\Suffix Stripping
Strip start of subject name
up to the first occurrence
of the separator
up to the first occurrence
of the separator
Check to strip the username from the prefix. For example, if the subject name is acme\smith and
the separator is \, the username becomes smith. The default separator is \.
the separator is \, the username becomes smith. The default separator is \.
Strip end of subject name
from the last occurrence
of the separator
from the last occurrence
of the separator
Check to strip the username from the suffix. For example, if the subject name is
smith@acme.com and the separator is @, the username becomes smith. The default separator is
@.
smith@acme.com and the separator is @, the username becomes smith. The default separator is
@.
RADIUS Attributes—The RADIUS attributes are used for manipulating the incoming attributes before sending them to the proxy server.
Add
After you define a RADIUS attribute, click ADD to add it to the RADIUS attributes list.
Table 10-6
Access Service Properties—General Page (continued)
Option
Description