Cisco Systems CSACS3415K9 Manual Do Utilizador
10-8
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 10 Managing Access Policies
Configuring the Service Selection Policy
Creating, Duplicating, and Editing Service Selection Rules
Create service selection rules to determine which access service processes incoming requests. The
Default Rule provides a default access service in cases where no rules are matched or defined.
Default Rule provides a default access service in cases where no rules are matched or defined.
When you create rules, remember that the order of the rules is important. When ACS encounters a match
as it processes the request of a client that tries to access the ACS network, all further processing stops
and the associated result of that match is found. No further rules are considered after a match is found.
as it processes the request of a client that tries to access the ACS network, all further processing stops
and the associated result of that match is found. No further rules are considered after a match is found.
You can duplicate a service selection rule to create a new rule that is the same, or very similar to, an
existing rule. The duplicate rule name is based on the original rule with parentheses to indicate
duplication; for example, Rule-1(1). After duplication is complete, you access each rule (original and
duplicated) separately. You cannot duplicate the Default rule.
existing rule. The duplicate rule name is based on the original rule with parentheses to indicate
duplication; for example, Rule-1(1). After duplication is complete, you access each rule (original and
duplicated) separately. You cannot duplicate the Default rule.
You can edit all values of service selection rules; you can edit the specified access service in the Default
rule.
rule.
Note
To configure a simple policy to apply the same access service to all requests, see
Before You Begin
•
Configure the conditions that you want to use in the service selection policy. See
Note
Identity-related attributes are not available as conditions in a service selection policy.
•
Create the access services that you want to use in the service selection policy. See
. You do not need to configure policies in the
access service before configuring the service selection policy.
•
Configure the types of conditions to use in the policy rules. See
for more information.
To create, duplicate, or edit a service selection policy rule:
Step 1
Select Access Policies > Service Selection Policy. If you:
•
Previously created a rule-based policy, the Rule-Based Service Selection Policy page appears with
a list of configured rules.
a list of configured rules.
•
Have not created a rule-based policy, the Simple Service Selection Policy page appears. Click
Rule-Based.
Rule-Based.
Step 2
Do one of the following:
•
Click Create.
•
Check the check box next to the rule that you want to duplicate; then click Duplicate.
•
Click the rule name that you want to modify; or, check the check box next to the name and click
Edit.
Edit.
The Rule page appears.
Step 3
Enter or modify values:
•
User-defined rules—You can edit any value. Ensure that you include at least one condition. If you
are duplicating a rule, you must change the rule name.
are duplicating a rule, you must change the rule name.