Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02

Chapter 4
Using RDBMS Synchronization to Create dACLs and Specify Network Configuration

This chapter describes how to configure ACS 4.2 to enable new RDBMS Synchronization features
introduced with ACS 4.2.
For detailed information on RDBMS Synchronization, see “RDBMS Synchronization” in Chapter 8 of
the User Guide for Cisco Secure ACS, 4.2, “System Configuration: Advanced.”
For detailed information on the accountActions codes to use with RDBMS Synchronization, see
Appendix E of the User Guide for Cisco Secure ACS, 4.2, “RDBMS Synchronization Import
Definitions.”
This chapter contains:
• New RDBMS Synchronization Features in ACS Release 4.2
• Using RDBMS Synchronization to Configure dACLs
• Reading, Updating, and Deleting dACLs
• Updating or Deleting dACL Associations with Users or Groups
• Using RDBMS Synchronization to Specify Network Configuration

New RDBMS Synchronization Features in ACS Release 4.2
ACS 4.2 provides enhanced support for RDBMS Synchronization:
• Configuration of Downloadable ACLs (dACLs) for Specified Users and Groups—You can
  specify dACLs by entering permit ip and deny ip commands in a comma-separated value (CSV)
  accountActions file. By using new account action codes that you include in the accountActions file,
  you can create a dACL that contains the commands that the text file specifies.
    • On ACS for Windows, you can perform dACL configuration from the RDBMS Synchronization
      page in the ACS GUI or by running the CSDBSync command.
    • On the ACS SE, you can perform dACL configuration from the RDBMS Synchronization page in
      the ACS SE GUI, or you can connect to the ACS SE by using an SSH client and then run the
      csdbsync -syncnow command from the SSH shell.
• Support for Creation, Reading, Updating, and Deleting of Single or Multiple AAA Clients
  Through RDBMS Synchronization—With the capability to read AAA client data, you can export
  the AAA client list for a particular NDG, an AAA client list with a specified IP range, or the list of
  all AAA clients.