Filter
Top Products
9-23
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 9 Managing Policy Elements
Managing Authorizations and Permissions
Creating and Editing Security Groups
Use this page to view names and details of security groups and security group tags (SGTs), and to open
pages to create, duplicate, and edit security groups.
When you create a security group, ACS generates a unique SGT. Network devices can query ACS for
SGT information. The network device uses the SGT to tag, or paint, packets at ingress, so that the
packets can be filtered at Egress according to the Egress policy. See Egress Policy Matrix Page,
page 10-45, for information on configuring an Egress policy.
Step 1 Select Policy Elements > Authorizations and Permissions > Network Access > Security Groups.
The Security Groups page appears as described in Table 9-7:
Step 2 Click:
• Create to create a new security group.
• Duplicate to duplicate a security group.
• Edit to edit a security group.
Step 3 Enter the required information in the Name and Description fields, then click Submit.
Related Topic
• Creating Security Groups, page 4-24
Creating, Duplicating, and Editing a Shell Profile for Device Administration
You can configure Cisco IOS shell profile and command set authorization. Shell profiles and command
sets are combined for authorization purposes. Shell profile authorization provides decisions for the
following capabilities for the user requesting authorization and is enforced for the duration of a user’s
session:
• Privilege level.
• General capabilities, such as device administration and network access.
Shell profile definitions are split into two components:
• Common tasks
• Custom attributes
Table 9-7 Security Groups Page
Option Description
Name The name of the security group.
SGT (Dec / Hex) Representation of the security group tag in decimal and hexadecimal format.
Description The description of the security group.