I am testing ACS 5.1 and have some questions to be answered.
The general concept suits me well (service policy, access policy and so on). It's very flexible, but what I'm looking for right now is a way to assign the privilege-level attribute only to a specific user. I've only managed to assign shell profiles to a specific condition, but for me it doesn't make sense to create a new rule for each user.
Is there a way to do it differently, similar to version 4.2 of ACS, where user attributes overrode group attributes?
And the 2nd question:
What are the Dictionaries (TACACS+, RADIUS) for? They list only attributes (there are checkboxes, but for what purpose?). Where can they be used?
I tried it that way and it works; however, it is not completely what I am looking for. Why? Because it makes me define too many rules in the authorization section of Access Services.
In some way it is simple but...
The situation can get worse if other conditions are different and I need to distinguish them additionally by privil-level-condition.
I tried it that way:
I defined a mandatory user attribute (priv-lvl: unsigned integer 32) and assigned a Policy Condition Display Name (privil-level-condition).
I have 4 user classes and more additional conditions in the rule definition (identity group, location, device type, time & date ...)
If all other conditions are the same and only privil-level-condition is different, new rules need to be created (which generally are the same) with a different "shell profile" result.
Am I correct?
Is this the only way to do this?
How to combine it with an IAS RADIUS server, which can return an AV attribute (priv-lvl for example)? Do this condition and a new rule need to be done as well, with a shell-profile result? Does it (the privilege level attribute) always need to be returned as a shell-profile result?