ACS 5.1 Evaluation Limitations

DOUGLAS DRURY · ‎03-31-2013

I've setup a Cisco Secure ACS server 5.1 in VMware ESXi everything seems to be working fine, however under the options for Policy Elements > Authorization and Permissions > Device Administration > Command Sets there is a command called "DenyAllCommands" that was there when i first installed the ACS. Is there any way to remove this? When I try to remove it i get an error that thats it can't be removed or modified. I'm writing a report on the Cisco ACS for university, if this is a limitation of the evaluation licence I will need to reference it. Can anyone confirm if this is a limitation and provide a link to a cisco page that confirms this.

Amjad Abdullah · ‎03-31-2013

Douglas,

That is a built-in command set. DenyAllCommands is the default value. It is -almost- the same as the implicit deny all setence when you configure control access list (ACL) on a a router.

So, that is OK.

In "Shell Profiles" and Authorization Profiles" also there is a "Permit Access" profile that is built-in and can not be removed or modified.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

DOUGLAS DRURY · ‎04-01-2013

Hi Amjad

Thanks for your reply. Is there any reference on Cisco.com that confirms what you said? Because I'm writing a report on the Cisco ACS and need to

reference this.

Thanks

Douglas