Cisco Systems CSACS3415K9 Manual de usuario Pagina 50
- Pagina / 678
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
3-8
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 3 ACS 5.x Policy Model
Access Services
ACS accepts the results of the requests and returns them to the NAS. You must configure the external
RADIUS and TACACS+ servers in ACS for ACS to forward requests to them. You can define the timeout
period and the number of connection attempts.
The ACS proxy remote target is a list of remote RADIUS and TACACS+ servers that contain the
following parameters:
• IP
• Authentication port
• Accounting port
• Shared secret
• Reply timeout
• Number of retries
• Connection port
• Network timeout
The following information is available in the proxy service:
• Remote RADIUS or TACACS+ servers list
• Accounting proxy local/remote/both
• Strip username prefix/suffix
When a RADIUS proxy server receives a request, it forwards it to the first remote RADIUS or TACACS+
server in the list. If the proxy server does not receive a response within the specified timeout interval and
the specified number of retries, it forwards the request to the next RADIUS or TACACS+ server in the
list.
When the first response arrives from any of the remote RADIUS or TACACS+ servers in the list, the
proxy service processes it. If the response is valid, ACS sends the response back to the NAS.
Table 3-7 lists the differences in RADIUS proxy service between ACS 4.2 and 5.4 releases.
Table 3-7 Differences in RADIUS and TACACS+ Proxy Service Between ACS 4.2 and 5.4
Feature ACS 5.4 ACS 4.2
Configurable timeout (RADIUS) Yes No
Configurable retry count (RADIUS) Yes No
Network timeout (TACACS+) Yes No
Authentication and accounting ports
(RADIUS)
Yes Yes
Connection port (TACACS+) Yes No
Proxy cycles detection Yes (For RADIUS only) No
Username stripping Yes Yes
Accounting proxy (local, remote, or both) Yes Yes
Account delay timeout support (RADIUS) No No
- Control System 5.4 1
- CONTENTS 3
- Contents 10
- OL-26225-01 10
- 12 Managing Alarms 12-1 12
- 13 Managing Reports 13-1 13
- 19 Understanding Logging 19-1 19
- A AAA Protocols A-1 19
- Notices C-1 22
- OpenSSL/Open SSL Project C-1 22
- License Issues C-1 22
- Audience 23
- Document Conventions 23
- Documentation Updates 24
- Related Documentation 24
- Table 2 Product Documentation 25
- Introducing ACS 5.4 27
- ACS Distributed Deployment 28
- ACS Licensing Model 29
- ACS Management Interfaces 29
- ACS Web-based Interface 30
- ACS Command Line Interface 30
- ACS Programmatic Interfaces 31
- Migration Requirements 34
- Supported Migration Versions 34
- Downloading Migration Files 35
- Common Scenarios in Migration 39
- ACS 5.x Policy Model 43
- Policy Terminology 45
- Simple Policies 46
- Rule-Based Policies 46
- Types of Policies 47
- Access Services 48
- Access Service Templates 49
- Access Services 50
- Identity Policy 51
- Failure Options 52
- Group Mapping Policy 53
- Service Selection Policy 54
- Rules-Based Service Selection 55
- First-Match Rule Tables 56
- Policy Conditions 58
- Policy Results 58
- Prerequisites 61
- Policy Terminology, page 3-3 63
- Policy Conditions, page 3-16 63
- Policy Results, page 3-16 63
- Common Scenarios Using ACS 65
- Session Administration 67
- Command Authorization 68
- Password-Based Network Access 69
- Using Certificates in ACS 74
- Agentless Network Access 76
- Host Lookup 77
- PAP/EAP-MD5 Authentication 79
- Agentless Network Access Flow 80
- Previous Step: 81
- Next Step: 81
- Agentless Network Access 82
- VPN Remote Network Access 84
- Supported Identity Stores 85
- Supported VPN Clients 86
- Creating Security Groups 88
- Creating SGACLs 89
- Configuring an NDAC Policy 89
- Creating an Egress Policy 91
- Creating a Default Policy 92
- Supported Protocols 94
- Supported RADIUS Attributes 95
- TACACS+ Body Encryption 95
- Connection to TACACS+ Server 95
- Configuring Proxy Service 96
- Understanding My Workspace 97
- Task Guides 98
- My Account Page 98
- Login Banner 99
- Using the Web Interface 99
- Accessing the Web Interface 100
- Logging Out 101
- Web Interface Design 102
- Navigation Pane 103
- Content Area 104
- List Pages 105
- Web Interface Location 105
- Using the Web Interface 107
- Filtering 108
- Secondary Windows 109
- Transfer Boxes 110
- Figure 5-10 Transfer Box 111
- Rule Table Pages 112
- Supported ACS Objects 114
- Object Type: User 115
- Object Type: Hosts 115
- Object Type: Network Device 115
- Object Type: Identity Group 116
- Object Type: NDG 116
- Object Type: Command Set 116
- Creating Import Files 117
- Creating the Import File 118
- Common Errors 121
- Deletion Errors 122
- Accessibility 123
- Keyboard and Mouse Features 124
- • To configure access 128
- • To configure compound 128
- • To configure schedules: 129
- • To create threshold alarms: 129
- Managing Network Resources 131
- Network Device Groups 132
- Related Topics 133
- Related Topics: 137
- IP Address 144
- Deleting Network Devices 147
- Working with OCSP Services 151
- Working with OCSP Services 152
- Deleting OCSP Servers 154
- Overview 155
- External Identity Stores 156
- Identity Groups 157
- Identity Sequences 158
- Authentication Information 159
- Managing Identity Attributes 161
- Standard Attributes 162
- User Attributes 162
- Host Attributes 163
- Creating Internal Users 165
- Deleting Internal Hosts 172
- Management Hierarchy 173
- LDAP Overview 176
- Directory Service 177
- Authentication Using LDAP 177
- Multiple LDAP Instances 177
- Failover 178
- LDAP Connection Management 178
- Attributes Retrieval 179
- Certificate Retrieval 180
- Related Topic 181
- Secondary Server 182
- • Username 185
- • Distinguished name 185
- Directory Structure 185
- Configuring LDAP Groups 187
- Viewing LDAP Attributes 188
- Microsoft AD 195
- Machine Authentication 197
- • The user account disabled 198
- • The user locked out 198
- Machine Access Restrictions 199
- MAR Cache Distribution Groups 200
- Dial-In Permissions 201
- Dial-In Support Attributes 202
- Joining ACS to an AD Domain 203
- Selecting an AD Group 207
- Configuring AD Attributes 208
- RSA SecurID Server 211
- Editing ACS Instance Settings 215
- Configuring Advanced Options 216
- RADIUS Identity Stores 217
- Password Prompt 218
- User Group Mapping 218
- Groups and Attributes Mapping 218
- User Attribute Cache 220
- Configuring General Settings 221
- Configuring Shell Prompts 223
- Configuring CA Certificates 225
- 12515 EAP-TLS failed SSL/TLS 227
- Supported Name Constraints: 230
- Unsupported Name Constraints: 230
- Authentication Sequence 231
- Attribute Retrieval Sequence 232
- Internal User/Host 233
- Managing Policy Elements 237
- Managing Policy Conditions 238
- Deleting a Session Condition 242
- Managing Network Conditions 242
- Importing Network Conditions 244
- Exporting Network Conditions 245
- Defining Common Tasks 262
- Defining Custom Attributes 265
- Managing Access Policies 271
- Policy Creation Flow 272
- Customizing a Policy 274
- Service Selection Policy Page 276
- Before You Begin 278
- Displaying Hit Counts 280
- Configuring Access Services 281
- Configuring Access Services 282
- Deleting an Access Service 291
- Viewing Identity Policies 292
- Creating Policy Rules 308
- Duplicating a Rule 309
- Editing Policy Rules 309
- Deleting Policy Rules 310
- Types of Compound Conditions 312
- Egress Policy Matrix Page 316
- NDAC Policy Page 318
- NDAC Policy Properties Page 319
- Maximum User Sessions 321
- Max Session User Settings 322
- Max Session Group Settings 322
- Max Session Global Setting 323
- Purging User Sessions 324
- Related topics 325
- Dashboard Pages 328
- Dashboard Pages 329
- Working with Portlets 330
- Working with Portlets 331
- Adding Tabs to the Dashboard 332
- Adding Applications to Tabs 333
- Changing the Dashboard Layout 334
- Managing Alarms 335
- Evaluating Alarm Thresholds 336
- Notifying Users of Events 337
- Incremental Backup 339
- Understanding Alarm Schedules 343
- Deleting Alarm Schedules 345
- Passed Authentications 348
- Failed Authentications 350
- Authentication Inactivity 352
- TACACS Command Accounting 353
- TACACS Command Authorization 354
- ACS Configuration Changes 355
- ACS System Diagnostics 356
- ACS Process Status 357
- ACS System Health 358
- ACS AAA Health 359
- RADIUS Sessions 360
- Unknown NAD 361
- External DB Unavailable 362
- RBACL Drops 363
- NAD-Reported AAA Downtime 365
- Deleting Alarm Thresholds 367
- Deleting Alarm Syslog Targets 370
- Managing Reports 371
- Working with Favorite Reports 373
- Editing Favorite Reports 375
- Running Favorite Reports 375
- Sharing Reports 376
- Working with Catalog Reports 377
- Access Service 378
- ACS Instance 378
- Endpoint 379
- Failure Reason 379
- Network Device 379
- Security Group Access 380
- Session Directory 380
- Running Catalog Reports 381
- Deleting Catalog Reports 382
- Running Named Reports 383
- Customizing Reports 389
- Viewing Reports 390
- About Standard Viewer 391
- About Interactive Viewer 391
- Navigating Reports 392
- Table of contents 393
- Exporting Report Data 394
- Viewing Reports 395
- Printing Reports 396
- Editing Labels 397
- Formatting Labels 398
- Formatting Data 398
- Resizing Columns 399
- Formatting Data in Columns 399
- Formatting Data Types 400
- Formatting Numeric Data 401
- Formatting String Data 403
- Formatting Custom String Data 403
- 415-555-2121 404
- Formatting Date and Time 405
- Formatting Boolean Data 406
- Applying Conditional Formats 407
- Organizing Report Data 411
- Organizing Report Data 412
- Removing Columns 414
- Hiding Columns 415
- Displaying Hidden Columns 415
- Merging Columns 415
- Figure 13-29 Separate Columns 416
- Figure 13-30 Merged Column 416
- Sorting Data 417
- Sorting a Single Column 417
- Sorting Multiple Columns 417
- Grouping Data 419
- Adding Groups 420
- Removing an Inner Group 421
- Creating Report Calculations 422
- Working with Aggregate Data 433
- Deleting Aggregate Rows 437
- Displaying Repeated Values 438
- Working with Filters 439
- Types of Filter Conditions 440
- Setting Filter Values 441
- Creating Filters 442
- Understanding Charts 446
- Modifying Charts 447
- Changing Chart Subtype 448
- Changing Chart Formatting 448
- Understanding Charts 449
- Report Viewer 451
- Expert Troubleshooter 452
- Performing Connectivity Tests 453
- Restoring Data from a Backup 475
- Viewing Log Collections 476
- Log Collection Details Page 478
- Recovering Log Messages 480
- Viewing Scheduled Jobs 480
- Viewing Scheduled Jobs 481
- Viewing Process Status 482
- Viewing Data Upgrade Status 483
- Viewing Failure Reasons 483
- Editing Failure Reasons 483
- Specifying E-Mail Settings 484
- Configuring SNMP Preferences 484
- Deleting Collection Filters 486
- Understanding Roles 491
- Permissions 492
- Predefined Roles 493
- Changing Role Associations 494
- Accounts 495
- Viewing Predefined Roles 497
- Viewing Role Properties 498
- Administrator Identity Policy 503
- Administrator Login Process 509
- Configuring System Operations 513
- Activating Secondary Servers 515
- Removing Secondary Servers 516
- Promoting a Secondary Server 516
- Understanding Local Mode 516
- Scheduled Backups 518
- Editing Instances 521
- Editing Instances 522
- Instance Data 523
- Deleting a Secondary Instance 525
- Management Page 529
- Operations Page 529
- Instance 535
- Configuring TACACS+ Settings 539
- Configuring EAP-TLS Settings 540
- Configuring PEAP Settings 541
- Configuring EAP-FAST Settings 541
- Generating EAP-FAST PAC 542
- Managing Dictionaries 543
- Managing Dictionaries 544
- Deleting Certificates 557
- Exporting Certificates 558
- Configuring Logs 559
- Configuring Logs 560
- Deleting a Remote Log Target 561
- Configuring the Local Log 562
- Deleting Local Log Data 562
- Viewing ADE-OS Logs 566
- Configure Logged Attributes 569
- Displaying Logging Categories 570
- Configuring the Log Collector 571
- Licensing Overview 572
- Installing a License File 573
- Viewing the Base License 574
- Available Downloads 578
- Available Downloads 579
- Downloading Rest Services 580
- Understanding Logging 581
- Using Log Targets 582
- Logging Categories 582
- About Logging 583
- Log Message Severity Levels 584
- Local Store Target 585
- Critical Log Target 587
- Remote Syslog Server Target 588
- CSCOacs string 589
- Viewing Log Messages 590
- Debug Logs 591
- :\Program Files\CiscoSecu 592
- AAA Protocols 595
- Appendix A AAA Protocols 596
- Typical Use Cases 596
- Network device 597
- ACS Runtime 597
- Identity 597
- Overview of TACACS+ 599
- Overview of RADIUS 600
- ACS 5.4 as the AAA Server 601
- Overview of RADIUS 602
- Authentication 603
- Authorization 603
- Accounting 603
- Add Attribute 604
- Update Attribute 604
- RADIUS Access Requests 605
- • Service type 606
- • Protocol type 606
- • Access list to apply 606
- Authentication in ACS 5.4 607
- RADIUS PAP Authentication 609
- Overview of EAP-MD5 611
- EAP- MD5 Flow in ACS 5.4 611
- Overview of EAP-TLS 612
- PKI Authentication 613
- PKI Credentials 614
- Acquiring Local Certificates 615
- Certificate Generation 616
- Exporting Credentials 617
- Credentials Distribution 618
- EAP-TLS Flow in ACS 5.4 619
- PEAPv0/1 620
- Overview of PEAP 621
- Fast Reconnect 622
- Session Resume 622
- PEAP Flow in ACS 5.4 623
- Creating the TLS Tunnel 624
- EAP-FAST 625
- EAP-FAST 626
- EAP-FAST in ACS 5.4 627
- About Master-Keys 628
- About PACs 628
- Provisioning Modes 629
- Types of PACs 629
- Manual PAC Provisioning 631
- PAC-Less Authentication 632
- EAP-FAST Flow in ACS 5.4 633
- EAP-FAST PAC Management 634
- Key Distribution Algorithm 635
- Revocation Method 635
- PAC Migration from ACS 4.x 635
- EAP-MSCHAPv2 636
- Overview of EAP-MSCHAPv2 637
- Certificate Attributes 638
- Certificate Binary Comparison 639
- Certificate Revocation 640
- OpenSSL/Open SSL Project 645
- Original SSLeay License: 646
- GLOSSARY 649
- Glossary 650
- XML (eXtensible 667
- Markup Language) 667
- YEAR function 13-60 678
Relacionado con productos y manuales para Software Cisco Systems CSACS3415K9
Software Cisco Systems OL-8155-01 Manual de usuario
(150 paginas)
(150 paginas)
Software Cisco Systems MGX and SES Manual de usuario
(90 paginas)
(90 paginas)
Software Cisco Systems H.323/SIP Guía de usuario
(54 paginas)
(54 paginas)
Software Cisco Systems ESW 500 Manual de usuario
(442 paginas)
(442 paginas)
Software Cisco Systems OL-11390-01 Manual de usuario
(20 paginas)
(20 paginas)
Software Cisco Systems ONS 15327 Manual de usuario
(42 paginas)
(42 paginas)
Software Cisco Systems OL-3995-01 Manual de usuario
(120 paginas)
(120 paginas)
Software Cisco Systems 6500/7600 Manual de usuario
(134 paginas)
(134 paginas)
Software Cisco Systems OL-7029-01 Manual de usuario
(342 paginas)
(342 paginas)
Software Cisco Systems OL-14361-01 Manual de usuario
(28 paginas)
(28 paginas)
Software Cisco Systems N3KC3064TFAL3 Manual de usuario
(164 paginas)
(164 paginas)
Software Cisco Systems 1.4 Manual de usuario
(146 paginas)
(146 paginas)
Software Cisco Systems OL-5385-01 Manual de usuario
(22 paginas)
(22 paginas)
Software Cisco Systems OL-6415-04 Manual de usuario
(188 paginas)
(188 paginas)
Software Cisco Systems OL-10984-01 Manual de usuario
(104 paginas)
(104 paginas)
Software Cisco Systems SMC-127 Manual de usuario
(40 paginas)
(40 paginas)
Software Cisco Systems PGW 2200 Guía de usuario
(436 paginas)
(436 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.113 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales