Filter
Top Products
9-18
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 9 Managing Policy Elements
Managing Authorizations and Permissions
Creating, Duplicating, and Editing Authorization Profiles for Network Access
You create authorization profiles to define how different types of users are authorized to access the
network. For example, you can define that a user attempting to access the network over a VPN
connection is treated more strictly than a user attempting to access the network through a wired
connection.
An authorization profile defines the set of attributes and values that the Access-Accept response returns.
You can specify:
• Common data, such as VLAN information, URL for redirect, and more. This information is
automatically converted to the raw RADIUS parameter information.
• RADIUS authorization parameters—You can select any RADIUS attribute and specify the
corresponding value to return.
You can duplicate an authorization profile to create a new authorization profile that is the same, or
similar to, an existing authorization profile. After duplication is complete, you access each authorization
profile (original and duplicated) separately to edit or delete them.
After you create authorization profiles, you can use them as results in network access session
authorization policies.
To create, duplicate, or edit an authorization profile:
Step 1 Select Policy Elements > Authorization and Permissions > Network Access > Authorization Profile.
The Authorization Profiles page appears with the fields described in Table 9-3:
Step 2 Do one of the following:
• Click Create.
• Check the check box next to the authorization profile that you want to duplicate and click Duplicate.
• Click the name that you want to modify; or, check the check box next to the name that you want to
modify and click Edit.
The Authorization Profile Properties page appears.
Step 3 Enter valid configuration data in the required fields in each tab. See:
• Specifying Authorization Profiles, page 9-19
• Specifying Common Attributes in Authorization Profiles, page 9-19
• Specifying RADIUS Attributes in Authorization Profiles, page 9-21
Step 4 Click Submit.
The authorization profile is saved. The Authorization Profiles page appears with the authorization profile
that you created or duplicated.
Table 9-3 Authorization Profiles Page
Option Description
Name List of existing network access authorization definitions.
Description Display only. The description of the network access authorization definition.