Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 4 Using RDBMS Synchronization to Create dACLs and Specify Network Configuration
Using RDBMS Synchronization to Configure dACLs
Example 4-1 shows a sample text file.
Example 4-1 Sample Text File for Creating a dACL
[DACL#1]
Name = DACL_For_Troy
Description = Test_DACL_For_ACS_42
Content#1= content1
Definition#1#1= permit ip any host 192.168.1.152
Definition#1#2= permit ip any host 192.168.5.152
Definition#1#3= permit ip any host 192.168.29.33
Definition#1#4= permit ip any host 192.168.29.34
Definition#1#5= permit ip any host 192.168.9.50
Definition#1#6= permit ip any host 192.168.9.20
Definition#1#7= permit ip any host 192.168.7.20
Definition#1#8= permit ip any host 192.168.128.1
Definition#1#9= permit ip any 192.168.24.0 0.0.0.255
Definition#1#10= permit ip any 192.168.0.0 0.0.0.255
Definition#1#11= permit ip any 192.0.0.0 0.255.255.255
Definition#1#12= deny ip any 192.168.0.0 0.3.255.255
Definition#1#13= deny ip any 192.168.0.0 0.1.255.255
Definition#1#14= permit ip any any
Step 2 Code the information in the file as described in Table 4-1.
Step 3 Save the file:
ACS for Windows—Save the file to a directory on the Windows machine that is running ACS.
ACS SE—Save the file to a directory on an FTP server used with the ACS SE.
Table 4-1 Keywords for Creating a dACL By Coding a Text File

Keyword: dACL number
Value: The first line of the text file must specify the dACL number, enclosed in square brackets; for example, [DACL#n], where n is the number of the dACL. In Example 4-1, the first line specifies DACL#1, because the file specifies only one dACL.

Keyword: Name
Value: Specifies the name of the dACL that is created when you run CSDBSync.

Keyword: Description
Value: Specifies a short description of the dACL.

Keyword: Content
Value: Specifies the number of a content block that consists of definitions for access privileges associated with the dACL. This keyword has the format Content#n, where n specifies the number of the content block. The file shown in Example 4-1 has only one content block.

Keyword: Definition keywords
Value: Specify a series of permit ip or deny ip commands that ACS applies to Users or Groups to which you associate the dACL. Each Definition keyword has the format Definition#n#n1, where n is the number of the content block of definition keywords and n1 is the number of each definition.