Filter
Top Products
9-5
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 9 Managing Policy Elements
Managing Policy Conditions
Creating, Duplicating, and Editing a Custom Session Condition
The protocol and identity dictionaries contain a large number of attributes. To use any of these attributes
as a condition in a policy rule, you must first create a custom condition for the attribute. In this way, you
define a smaller subset of attributes to use in policy conditions, and present a smaller focused list from
which to choose condition types for rule tables.
You can also include protocol and identity attributes within compound conditions. See Configuring
Compound Conditions, page 10-40 for more information on compound conditions.
To create a custom condition, you must select a specific protocol (RADIUS or TACACS+) or identity
attribute from one of the dictionaries, and name the custom condition. See Configuring Global System
Options, page 18-1 for more information on protocol and identity dictionaries.
When you create a custom condition that includes identity or RADIUS attributes, you can also include
the definition of the attributes. You can thus easily view any existing custom conditions associated with
a particular attribute.
To create, duplicate, or edit a custom session condition:
Step 1 Select Policy Elements > Session Conditions > Custom.
The Custom Conditions page appears.
Step 2 Do one of the following:
• Click Create.
• Check the check box next to the condition you want to duplicate and click Duplicate.
• Click the name that you want to modify; or, check the check box next to the condition that you want
to modify and click Edit.
The Custom Condition Properties page appears.
Step 3 Enter valid configuration data in the required fields as shown in Table 9-2:
To add custom conditions to a policy, you must first customize the rule table. See Customizing a Policy,
page 10-4.
Table 9-2 Policy Custom Condition Properties Page
Option Description
General
Name Name of the custom condition.
Description Description of the custom condition.
Condition
Dictionary Choose a specific protocol or identity dictionary from the drop-down list box.
Attribute Click Select to display the list of external identity store dictionaries based on the selection you made in the
Dictionary field. Select the attribute that you want to associate with the custom condition, then click OK. If
you are editing a custom condition that is in use in a policy, you cannot edit the attribute that it references.