New Member

ACS 5.0 Device Administration Authorization Policy

I am configuring ACS 5.0 and have a problem which I do not understand.

I have 3 policies created for access to Cisco routers and switches.

I am trying to have authentication run through the AD, then the local DB if the user is not found in AD or AD is not available.

I built 3 rules/policies for testing.

One policy is configured with AD only. This one is working.

One policy is configured with local users only. This one is working as well.

And I am trying to have a 3rd policy which combines the first two rules.

And this one does not work.

I have access to the configured privilege level with policy 1 and 2.

And that access goes through authentication only. The access level is granted on authentication pass only (I can see it in the log).

But for the 3rd rule/policy, I can see that authentication passed (for both AD users and local users), but then it does not go through authorization.

Could you please help me out?

I must be missing something.

How do conditions work if I have more than one condition (in my case AD authentication or local)?

Why did I not get through the authorization stage in the first 2 rules, yet bumped into it in the third rule?

Thank you.

Cisco Employee

Re: ACS 5.0 Device Administration Authorization Policy

I am not clear on the setup. Can you please clarify:

- how many access services?

- for each access policy, what is defined in the identity policy and in the authorization policy?