Cisco Systems CSACS3415K9 Manual De Usuario
3-20
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 3 ACS 5.x Policy Model
Flows for Configuring Services and Policies
•
Added users to the internal ACS identity store or add external identity stores. See
,
.
Table 3-8
Steps to Configure Services and Policies
Step
Action
Drawer in Web Interface
Step 1
Define policy results:
•
Authorizations and permissions for device administration—Shell
profiles or command sets.
profiles or command sets.
•
Authorizations and permissions for network access—Authorization
profile.
profile.
See:
•
•
•
Policy Elements
Step 2
(Optional) Define custom conditions to policy rules. You can complete this
step before defining policy rules in Step 6, or you can define custom
conditions while in the process of creating a rule. See
step before defining policy rules in Step 6, or you can define custom
conditions while in the process of creating a rule. See
—
Step 3
Create Access Services—Define only the structure and allowed protocols;
you do not need to define the policies yet. See
you do not need to define the policies yet. See
Access Policies
Step 4
Add rules to Service Selection Policy to determine which access service to
use for requests. See:
use for requests. See:
•
•
Access Policies
Step 5
Define identity policy. Select the identity store or sequence you want to use
to authenticate requests and obtain identity attributes. See
to authenticate requests and obtain identity attributes. See
Users and Identity Stores
Step 6
Create authorization rules:
•
Device administration—Shell/command authorization policy.
•
Network access—Session authorization policy.
See:
•
•
Access Policies