Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 5 Password Policy Configuration Scenario
Step 3: Configure Session Policy
Figure 5-3 The Session Policy Setup Page
Step 2 On the Session Policy Setup page, set session options as required.
You can specify:
• Session idle timeout (minutes)—Specifies the time, in minutes, that an administrative session must remain idle before ACS terminates the connection (4-character maximum).
  When an administrative session terminates, ACS displays a dialog box asking whether the administrator wants to continue. If the administrator chooses to continue, ACS starts a new administrative session.
  This parameter only applies to the ACS administrative session in the browser. It does not apply to an administrative dial-up session.
• Allow Automatic Local Login (ACS for Windows Only)—Enables administrators to start an administrative session without logging in, if they are using a browser on the computer that runs ACS. ACS uses a default administrator account named local_login to conduct these sessions.
  When unchecked (disabled), administrators must log in by using administrator names and passwords.
  Note: To prevent accidental lockout when there are no defined administrator accounts, ACS does not require an administrator name and password for local access to ACS.
  The local_login administrator account requires the Administration Control privilege. ACS records administrative sessions that use the local_login account in the Administrative Audit report under the local_login administrator name.
• Respond to invalid IP address connections—Enables ACS to send an error message in response to attempts to start a remote administrative session by using an IP address that is invalid according to the IP address range settings in the Access Policy. If this check box is unchecked, ACS does not display an error message when a user makes an invalid remote connection attempt. This option is checked (enabled) by default.
  Disabling this option can help to prevent unauthorized users from discovering ACS.
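
The following is an added example, not part of the Cisco guide: a Python review of an exported Administrative Audit report that flags sessions run under local_login and sessions whose source address falls outside the management range. The CSV column names, the sample rows and the 10.1.20.0/24 range are constructed assumptions; adjust them to match your own export and Access Policy.

```python
import csv
import io
import ipaddress

# Constructed sample of an exported Administrative Audit report.
# Column names and message text are assumptions for illustration only.
SAMPLE_AUDIT_CSV = """Date,Time,Administrator,Source-IP,Message
03/14/2008,09:02:11,jsmith,10.1.20.15,Administration session started
03/14/2008,09:40:52,local_login,127.0.0.1,Administration session started
03/14/2008,11:17:03,jsmith,192.0.2.77,Administration session started
03/15/2008,02:13:45,local_login,127.0.0.1,Administration session started
"""

# Assumed management range, mirroring the IP address ranges in the Access Policy.
ALLOWED_ADMIN_NETWORKS = ["10.1.20.0/24"]


def review_admin_sessions(csv_text, allowed_networks):
    """Return a list of (row, reason) findings for sessions worth reviewing."""
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        admin = row["Administrator"].strip()
        if admin == "local_login":
            # Session opened from the ACS host itself without credentials.
            findings.append((row, "automatic local login (no credentials)"))
            continue
        try:
            source = ipaddress.ip_address(row["Source-IP"].strip())
        except ValueError:
            findings.append((row, "unparseable source address"))
            continue
        if not any(source in net for net in networks):
            findings.append((row, "source outside allowed admin range"))
    return findings


if __name__ == "__main__":
    for row, reason in review_admin_sessions(SAMPLE_AUDIT_CSV, ALLOWED_ADMIN_NETWORKS):
        print(row["Date"], row["Time"], row["Administrator"],
              row["Source-IP"], "->", reason)
```

Any local_login finding on a production server indicates that Allow Automatic Local Login is still enabled and that an administrative session ran without an individual administrator name.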