ACS 5.0 Device Administration Authorization Policy

Oct 27th, 2009

I am configuring ACS 5.0 and have a problem which I do not understand.

I have 3 policies created to access Cisco routers and switches.

I am trying to have authentication run through AD, then the local DB if the user is not found in AD or AD is not available.

I built 3 rules/policies for testing.

One policy configured with AD only. This one is working.

One policy with Local users only. This one is working as well.

And I am trying to have a 3rd policy which combines the first two rules.

And this one does not work.

I have access to the configured privilege level with policies 1 and 2.

And that access goes through authentication only. The access level is granted on authentication pass only (I can see it in the log).

But for the 3rd rule/policy, I can see that authentication passed (for both AD users and local users). But then it does not go through authorization.

Could you please help me out?

I must be missing something.

How do Conditions work if I have more than one condition (in my case AD authentication or Local)?

Why did I not go through the authorization stage in the first 2 rules, but bumped into it in the third rule?

Thank you.

jrabinow Wed, 10/28/2009 - 01:49

I am not clear on the setup. Can you please clarify:

- how many access services?

- for each access policy, what is defined in the identity policy and in the authorization policy?
