Filter
Top Products
10-48
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10 Managing Access Policies
Security Group Access Control Pages
Related Topics:
• Configuring an NDAC Policy, page 4-25
• NDAC Policy Properties Page, page 10-48
NDAC Policy Properties Page
Use this page to create, duplicate, and edit rules to determine the SGT for a device.
To display this page, choose Access Policies > Security Group Access Control > Network Device
Access > Authentication Policy, then click Create, Edit, or Duplicate.
Table 10-27 Rule-Based NDAC Policy Page
Option Description
Policy type Defines the type of policy to configure:
• Simple—Specifies the result to apply to all requests.
• Rule-based—Configure rules to apply different results depending on the request.
If you switch between policy types, you will lose your previously saved policy configuration.
Status Rule statuses are:
• Enabled—The rule is active.
• Disabled—ACS does not apply the results of the rule.
• Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit
count are written to the log, and the log entry includes an identification that the rule is monitor only.
The monitor option is especially useful for watching the results of a new rule.
Name Name of the rule. The Default Rule is available for conditions for which:
• Enabled rules are not matched.
• Rules are not defined.
Click a link to edit or duplicate a rule.
You can edit the Default Rule but you cannot delete, disable, or duplicate it.
Conditions Conditions that you can use to define policy rules. To change the display of rule conditions, click the
Customize button. You must have previously defined the conditions that you want to use.
Results Displays the security group assigned to the device when it matches the corresponding condition.
Hit Count Number of times that the rule is matched. Click the Hit Count button to refresh and reset this column.
Customize button Opens the Customize page in which you choose the types of conditions to use in policy rules. A new
Conditions column appears in the Policy page for each condition that you add. You do not need to use
the same set of conditions as in the corresponding authorization policy.
Caution If you remove a condition type after defining rules, you will lose any conditions that you
configured for that condition type.
Hit Count button Opens a window that enables you to reset and refresh the Hit Count display in the Policy page. See
Displaying Hit Counts, page 10-10.