Filter
Top Products
10-49
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10 Managing Access Policies
Security Group Access Control Pages
Note For endpoint admission control, you must define an access service and session authorization policy. See
Configuring Network Access Authorization Rule Properties, page 10-31 for information about creating
a session authorization policy.
Related Topics:
• Configuring an NDAC Policy, page 4-25
• NDAC Policy Page, page 10-47
Table 10-28 NDAC Policy Properties Page
Option Description
General
Name Name of the rule. If you are duplicating a rule, you must enter a unique name as a minimum
configuration; all other fields are optional.
Status Rule statuses are:
• Enabled—The rule is active.
• Disabled—ACS does not apply the results of the rule.
• Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit
count are written to the log, and the log entry includes an identification that the rule is monitor
only. The monitor option is especially useful for watching the results of a new rule.
Conditions
conditions Conditions that you can configure for the rule. The default value for each condition is ANY. To change
the value for a condition, check the condition check box, then enter the value.
If compound expression conditions are available, when you check Compound Expression, an
expression builder appears. For more information, see Configuring Compound Conditions,
page 10-40.
To change the list of conditions for the policy, click the Customize button in the NDAC Policy Page,
page 10-47.
Results
Security Group Select the security group to assign to the device when it matches the corresponding conditions.