Filter
Top Products
4-26
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 4 Common Scenarios Using ACS
ACS and Cisco Security Group Access
To configure an NDAC policy for a device:
Step 1 Choose Access Policies > Security Group Access Control > Security Group Access > Network
Device Access > Authorization Policy.
Step 2 Click Customize to select which conditions to use in the NDAC policy rules.
The Default Rule provides a default rule when no rules match or there are no rules defined. The default
security group tag for the Default Rule result is Unknown.
Step 3 Click Create to create a new rule.
Step 4 Fill in the fields in the NDAC Policy Properties page.
Step 5 Click Save Changes.
Configuring EAP-FAST Settings for Security Group Access
Since RADIUS information is retrieved from the PAC, you must define the amount of time for the
EAP-FAST tunnel PAC to live. You can also refresh the time to live for an active PAC.
To configure the EAP-FAST settings for the tunnel PAC:
Step 1 Choose Access Policies > Security Group Access Control > > Network Device Access.
Step 2 Fill in the fields in the Network Device Access EAP-FAST Settings page.
Step 3 Click Submit.
Creating an Access Service for Security Group Access
You create an access service for endpoint admission control policies for endpoint devices, and then you
add the service to the service selection policy.
Note The NDAC policy is a service that is automatically applied to Security Group Access devices. You do
not need to create an access service for Security Group Access devices.
To create an access service:
Step 1 Choose Access Policies > Access Service, and click Create. See Configuring Access Services,
page 10-11, for more information.
Step 2 Fill in the fields in the Access Service Properties—General page as required.
Step 3 In the Service Structure section, choose User selected policy structure.
Step 4 Select Network Access, and check Identity and Authorization.