Cisco Systems CSACS3415K9 manuals

Cisco systems CSACS3415K9 User Manual (678 pages)

Brand: Cisco-systems | Category: Software | Size: 9.08 MB |

English

Table of contents

Control System 5.4

1

CONTENTS

3

Contents

10

OL-26225-01

10

12 Managing Alarms 12-1

12

13 Managing Reports 13-1

13

19 Understanding Logging 19-1

19

A AAA Protocols A-1

19

Notices C-1

22

OpenSSL/Open SSL Project C-1

22

License Issues C-1

22

Audience

23

Document Conventions

23

Documentation Updates

24

Related Documentation

24

Table 2 Product Documentation

25

Introducing ACS 5.4

27

ACS Distributed Deployment

28

ACS Licensing Model

29

ACS Management Interfaces

29

ACS Web-based Interface

30

ACS Command Line Interface

30

ACS Programmatic Interfaces

31

Migration Requirements

34

Supported Migration Versions

34

Downloading Migration Files

35

Common Scenarios in Migration

39

ACS 5.x Policy Model

43

Policy Terminology

45

Simple Policies

46

Rule-Based Policies

46

Types of Policies

47

Access Services

48

Access Service Templates

49

Access Services

50

Identity Policy

51

Failure Options

52

Group Mapping Policy

53

Service Selection Policy

54

Rules-Based Service Selection

55

First-Match Rule Tables

56

Policy Conditions

58

Policy Results

58

Prerequisites

61

Policy Terminology, page 3-3

63

Policy Conditions, page 3-16

63

Policy Results, page 3-16

63

Common Scenarios Using ACS

65

Session Administration

67

Command Authorization

68

Password-Based Network Access

69

Using Certificates in ACS

74

Agentless Network Access

76

Host Lookup

77

PAP/EAP-MD5 Authentication

79

Agentless Network Access Flow

80

Previous Step:

81

Next Step:

81

Agentless Network Access

82

VPN Remote Network Access

84

Supported Identity Stores

85

Supported VPN Clients

86

Creating Security Groups

88

Creating SGACLs

89

Configuring an NDAC Policy

89

Creating an Egress Policy

91

Creating a Default Policy

92

Supported Protocols

94

Supported RADIUS Attributes

95

TACACS+ Body Encryption

95

Connection to TACACS+ Server

95

Configuring Proxy Service

96

Understanding My Workspace

97

Task Guides

98

My Account Page

98

Login Banner

99

Using the Web Interface

99

Accessing the Web Interface

100

Logging Out

101

Web Interface Design

102

Navigation Pane

103

Content Area

104

List Pages

105

Web Interface Location

105

Using the Web Interface

107

Filtering

108

Secondary Windows

109

Transfer Boxes

110

Figure 5-10 Transfer Box

111

Rule Table Pages

112

Supported ACS Objects

114

Object Type: User

115

Object Type: Hosts

115

Object Type: Network Device

115

Object Type: Identity Group

116

Object Type: NDG

116

Object Type: Command Set

116

Creating Import Files

117

Creating the Import File

118

Common Errors

121

Deletion Errors

122

Accessibility

123

Keyboard and Mouse Features

124

• To configure access

128

• To configure compound

128

• To configure schedules:

129

• To create threshold alarms:

129

Managing Network Resources

131

Network Device Groups

132

Related Topics

133

Related Topics:

137

IP Address

144

Deleting Network Devices

147

Working with OCSP Services

151

Working with OCSP Services

152

Deleting OCSP Servers

154

Overview

155

External Identity Stores

156

Identity Groups

157

Identity Sequences

158

Authentication Information

159

Managing Identity Attributes

161

Standard Attributes

162

User Attributes

162

Host Attributes

163

Creating Internal Users

165

Deleting Internal Hosts

172

Management Hierarchy

173

LDAP Overview

176

Directory Service

177

Authentication Using LDAP

177

Multiple LDAP Instances

177

Failover

178

LDAP Connection Management

178

Attributes Retrieval

179

Certificate Retrieval

180

Related Topic

181

Secondary Server

182

• Username

185

• Distinguished name

185

Directory Structure

185

Configuring LDAP Groups

187

Viewing LDAP Attributes

188

Microsoft AD

195

Machine Authentication

197

• The user account disabled

198

• The user locked out

198

Machine Access Restrictions

199

MAR Cache Distribution Groups

200

Dial-In Permissions

201

Dial-In Support Attributes

202

Joining ACS to an AD Domain

203

Selecting an AD Group

207

Configuring AD Attributes

208

RSA SecurID Server

211

Editing ACS Instance Settings

215

Configuring Advanced Options

216

RADIUS Identity Stores

217

Password Prompt

218

User Group Mapping

218

Groups and Attributes Mapping

218

User Attribute Cache

220

Configuring General Settings

221

Configuring Shell Prompts

223

Configuring CA Certificates

225

12515 EAP-TLS failed SSL/TLS

227

Supported Name Constraints:

230

Unsupported Name Constraints:

230

Authentication Sequence

231

Attribute Retrieval Sequence

232

Internal User/Host

233

Managing Policy Elements

237

Managing Policy Conditions

238

Deleting a Session Condition

242

Managing Network Conditions

242

Importing Network Conditions

244

Exporting Network Conditions

245

Defining Common Tasks

262

Defining Custom Attributes

265

Managing Access Policies

271

Policy Creation Flow

272

Customizing a Policy

274

Service Selection Policy Page

276

Before You Begin

278

Displaying Hit Counts

280

Configuring Access Services

281

Configuring Access Services

282

Deleting an Access Service

291

Viewing Identity Policies

292

Creating Policy Rules

308

Duplicating a Rule

309

Editing Policy Rules

309

Deleting Policy Rules

310

Types of Compound Conditions

312

Egress Policy Matrix Page

316

NDAC Policy Page

318

NDAC Policy Properties Page

319

Maximum User Sessions

321

Max Session User Settings

322

Max Session Group Settings

322

Max Session Global Setting

323

Purging User Sessions

324

Related topics

325

Dashboard Pages

328

Dashboard Pages

329

Working with Portlets

330

Working with Portlets

331

Adding Tabs to the Dashboard

332

Adding Applications to Tabs

333

Changing the Dashboard Layout

334

Managing Alarms

335

Evaluating Alarm Thresholds

336

Notifying Users of Events

337

Incremental Backup

339

Understanding Alarm Schedules

343

Deleting Alarm Schedules

345

Passed Authentications

348

Failed Authentications

350

Authentication Inactivity

352

TACACS Command Accounting

353

TACACS Command Authorization

354

ACS Configuration Changes

355

ACS System Diagnostics

356

ACS Process Status

357

ACS System Health

358

ACS AAA Health

359

RADIUS Sessions

360

Unknown NAD

361

External DB Unavailable

362

RBACL Drops

363

NAD-Reported AAA Downtime

365

Deleting Alarm Thresholds

367

Deleting Alarm Syslog Targets

370

Managing Reports

371

Working with Favorite Reports

373

Editing Favorite Reports

375

Running Favorite Reports

375

Sharing Reports

376

Working with Catalog Reports

377

Access Service

378

ACS Instance

378

Endpoint

379

Failure Reason

379

Network Device

379

Security Group Access

380

Session Directory

380

Running Catalog Reports

381

Deleting Catalog Reports

382

Running Named Reports

383

Customizing Reports

389

Viewing Reports

390

About Standard Viewer

391

About Interactive Viewer

391

Navigating Reports

392

Table of contents

393

Exporting Report Data

394

Viewing Reports

395

Printing Reports

396

Editing Labels

397

Formatting Labels

398

Formatting Data

398

Resizing Columns

399

Formatting Data in Columns

399

Formatting Data Types

400

Formatting Numeric Data

401

Formatting String Data

403

Formatting Custom String Data

403

415-555-2121

404

Formatting Date and Time

405

Formatting Boolean Data

406

Applying Conditional Formats

407

Organizing Report Data

411

Organizing Report Data

412

Removing Columns

414

Hiding Columns

415

Displaying Hidden Columns

415

Merging Columns

415

Figure 13-29 Separate Columns

416

Figure 13-30 Merged Column

416

Sorting Data

417

Sorting a Single Column

417

Sorting Multiple Columns

417

Grouping Data

419

Adding Groups

420

Removing an Inner Group

421

Creating Report Calculations

422

Working with Aggregate Data

433

Deleting Aggregate Rows

437

Displaying Repeated Values

438

Working with Filters

439

Types of Filter Conditions

440

Setting Filter Values

441

Creating Filters

442

Understanding Charts

446

Modifying Charts

447

Changing Chart Subtype

448

Changing Chart Formatting

448

Understanding Charts

449

Report Viewer

451

Expert Troubleshooter

452

Performing Connectivity Tests

453

Restoring Data from a Backup

475

Viewing Log Collections

476

Log Collection Details Page

478

Recovering Log Messages

480

Viewing Scheduled Jobs

480

Viewing Scheduled Jobs

481

Viewing Process Status

482

Viewing Data Upgrade Status

483

Viewing Failure Reasons

483

Editing Failure Reasons

483

Specifying E-Mail Settings

484

Configuring SNMP Preferences

484

Deleting Collection Filters

486

Understanding Roles

491

Permissions

492

Predefined Roles

493

Changing Role Associations

494

Accounts

495

Viewing Predefined Roles

497

Viewing Role Properties

498

Administrator Identity Policy

503

Administrator Login Process

509

Configuring System Operations

513

Activating Secondary Servers

515

Removing Secondary Servers

516

Promoting a Secondary Server

516

Understanding Local Mode

516

Scheduled Backups

518

Editing Instances

521

Editing Instances

522

Instance Data

523

Deleting a Secondary Instance

525

Management Page

529

Operations Page

529

Instance

535

Configuring TACACS+ Settings

539

Configuring EAP-TLS Settings

540

Configuring PEAP Settings

541

Configuring EAP-FAST Settings

541

Generating EAP-FAST PAC

542

Managing Dictionaries

543

Managing Dictionaries

544

Deleting Certificates

557

Exporting Certificates

558

Configuring Logs

559

Configuring Logs

560

Deleting a Remote Log Target

561

Configuring the Local Log

562

Deleting Local Log Data

562

Viewing ADE-OS Logs

566

Configure Logged Attributes

569

Displaying Logging Categories

570

Configuring the Log Collector

571

Licensing Overview

572

Installing a License File

573

Viewing the Base License

574

Available Downloads

578

Available Downloads

579

Downloading Rest Services

580

Understanding Logging

581

Using Log Targets

582

Logging Categories

582

About Logging

583

Log Message Severity Levels

584

Local Store Target

585

Critical Log Target

587

Remote Syslog Server Target

588

CSCOacs string

589

Viewing Log Messages

590

Debug Logs

591

:\Program Files\CiscoSecu

592

AAA Protocols

595

Appendix A AAA Protocols

596

Typical Use Cases

596

Network device

597

ACS Runtime

597

Identity

597

Overview of TACACS+

599

Overview of RADIUS

600

ACS 5.4 as the AAA Server

601

Overview of RADIUS

602

Authentication

603

Authorization

603

Accounting

603

Add Attribute

604

Update Attribute

604

RADIUS Access Requests

605

• Service type

606

• Protocol type

606

• Access list to apply

606

Authentication in ACS 5.4

607

RADIUS PAP Authentication

609

Overview of EAP-MD5

611

EAP- MD5 Flow in ACS 5.4

611

Overview of EAP-TLS

612

PKI Authentication

613

PKI Credentials

614

Acquiring Local Certificates

615

Certificate Generation

616

Exporting Credentials

617

Credentials Distribution

618

EAP-TLS Flow in ACS 5.4

619

PEAPv0/1

620

Overview of PEAP

621

Fast Reconnect

622

Session Resume

622

PEAP Flow in ACS 5.4

623

Creating the TLS Tunnel

624

EAP-FAST

625

EAP-FAST

626

EAP-FAST in ACS 5.4

627

About Master-Keys

628

About PACs

628

Provisioning Modes

629

Types of PACs

629

Manual PAC Provisioning

631

PAC-Less Authentication

632

EAP-FAST Flow in ACS 5.4

633

EAP-FAST PAC Management

634

Key Distribution Algorithm

635

Revocation Method

635

PAC Migration from ACS 4.x

635

EAP-MSCHAPv2

636

Overview of EAP-MSCHAPv2

637

Certificate Attributes

638

Certificate Binary Comparison

639

Certificate Revocation

640

OpenSSL/Open SSL Project

645

Original SSLeay License:

646

GLOSSARY

649

Glossary

650

XML (eXtensible

667

Markup Language)

667

YEAR function 13-60

678

More products and manuals for Software Cisco Systems

Models	Document Type
OL-8356-01	User Manual Cisco Systems OL-8356-01 User's Manual, 4 pages
OL-8155-01	User Manual Cisco Systems OL-8155-01 User's Manual, 150 pages
MGX and SES	User Manual Cisco Systems MGX and SES User's Manual, 90 pages
H.323/SIP	User's Guide Cisco Systems H.323/SIP Administrator's Guide, 54 pages
ESW 500	User Manual Cisco Systems ESW 500 User's Manual, 442 pages
SFS 3012R	Installation Manual Cisco Systems SFS 3012R Installation Manual, 84 pages
ICM Software Version 4.5	User Manual Cisco Systems ICM Software Version 4.5 User's Manual [sk] , 328 pages
OL-11390-01	User Manual Cisco Systems OL-11390-01 User's Manual, 20 pages
ONS 15327	User Manual Cisco Systems ONS 15327 User's Manual, 42 pages
OL-3995-01	User Manual Cisco Systems OL-3995-01 User's Manual, 120 pages
6500/7600	User Manual Cisco Systems 6500/7600 User's Manual [sk] , 134 pages
OL-7029-01	User Manual Cisco Systems OL-7029-01 User's Manual, 342 pages
OL-14361-01	User Manual Cisco Systems OL-14361-01 User's Manual, 28 pages
N3KC3064TFAL3	User Manual Cisco Systems N3KC3064TFAL3 User's Manual, 164 pages
1.4	User Manual Cisco Systems 1.4 User's Manual, 146 pages
OL-5385-01	User Manual Cisco Systems OL-5385-01 User's Manual, 22 pages
OL-6415-04	User Manual Cisco Systems OL-6415-04 User's Manual, 188 pages
OL-10984-01	User Manual Cisco Systems OL-10984-01 User's Manual, 104 pages
SMC-127	User Manual Cisco Systems SMC-127 User's Manual [en] , 40 pages
PGW 2200	User's Guide Cisco Systems PGW 2200 Installation & Configuration Guide, 436 pages

Cisco Systems devices