Filter
Top Products
9-33
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 9 Managing Policy Elements
Managing Authorizations and Permissions
Configuring Security Group Access Control Lists
Security group access control lists (SGACLs) are applied at Egress, based on the source and destination
SGTs. Use this page to view, create, duplicate and edit SGACLs. When you modify the name or content
of an SGACL, ACS updates its generation ID. When the generation ID of an SGACL changes, the
relevant Security Group Access network devices reload the content of the SGACL.
SGACLs are also called role-based ACLs (RBACLs).
Step 1 Select Policy Elements > Authorizations and Permissions > Named Permissions Objects > Security
Group ACLs.
The Security Group Access Control Lists page appears with the fields described in Table 9-13:
Step 2 Click one of the following options:
• Create to create a new SGACL.
• Duplicate to duplicate an SGACL.
• Edit to edit an SGACL.
Step 3 Complete the fields in the Security Group Access Control Lists Properties page as described in
Table 9-14:
Step 4 Click Submit.
Table 9-13 Security Group Access Control Lists Page
Option Description
Name The name of the SGACL.
Description The description of the SGACL.
Table 9-14 Security Group Access Control List Properties Page
Option Description
General
Name Name of the SGACL. You cannot use spaces, hyphens (-), question marks (?), or exclamation marks
(!) in the name. After you create an SGACL, its generation ID appears.
Generation ID Display only. ACS updates the generation ID of the SGACL if you change the:
• Name of the SGACL.
• Content of the SGACL (the ACEs).
Changing the SGACL description does not affect the generation ID.
Description Description of the SGACL.
Security Group ACL
Content
Enter the ACL content. Ensure that the ACL definition is syntactically and semantically valid.