User Guide for the Cisco Secure Access Control System 5.0
Using the Web Interface
Download this chapter
Using the Web InterfaceUsing the Web Interface
Download the complete book
Whole-book PDFWhole-book PDF (PDF - 8 MB)
 Feedback

Table Of Contents

Using the Web Interface

Accessing the Web Interface

Logging In

Logging Out

Understanding the Web Interface

Web Interface Design

Header

Navigation Pane

Content Area

Web Interface Location

List Pages

Secondary Windows

Rule Table Pages

Common Errors

Concurrency Conflict Errors

Deletion Errors

System Failure Errors

Accessibility

Display and Readability Features

Keyboard and Mouse Features

Obtaining Additional Accessibility Information


Using the Web Interface

You can configure and administer ACS through the ACS web interface, in which you can access pages, perform configuration tasks, and view interface configuration errors. This section describes:

Accessing the Web Interface

Understanding the Web Interface

Common Errors

Accessibility

Accessing the Web Interface

The ACS web interface is supported on HTTPS-enabled Microsoft Internet Explorer versions 6 and 7, and Firefox version 2.x, but not Firefox 3.x.

This section contains:

Logging In

Logging Out

Logging In

To log in to the ACS web interface:

Step 1 Enter the ACS URL in your browser, for example https://<acs_host>/acsadmin, where <acs_host> is the IP address or DNS host name.

The login page appears.

Step 2 Enter ACSAdmin in the Username field; the value is not case-sensitive.

Step 3 Enter default in the Password field; the value is case-sensitive.

Note Click Reset to clear the Username and Password fields and start over, if needed.

Step 4 Click Login or press Enter.

The login page reappears, prompting you to change your password.

Note You are prompted to change your password only the first time that you log in to ACS.

Step 5 Enter default in the Old Password field, then enter a new password in the New Password and the Confirm Password fields.

Note If you forget your username or password, use the acs reset-password command to reset your username to ACSAdmin and your password to default. You are prompted to change your password after a reset. See Command Line Reference for ACS 5.0 for more information.

Step 6 Click Login or press Enter.

You are prompted to install a valid license:

Note The license page only appears the first time that you log in to ACS.

Step 7 See Installing a License File, page 16-27 to install a valid license.

If your login is successful, the main page of the ACS web interface appears.

If your login is unsuccessful, the following error message appears:

Invalid username or password specified.

The Username and Password fields are cleared.

Step 8 Reenter the valid username and password, and click Login.

Logging Out

Click Logout in the ACS web interface header to end your administrative session. A dialog box appears asking if you are sure you want to log out of ACS. Click OK.

Caution For security reasons, Cisco recommends that you log out of the ACS when you complete your administrative session. If you do not log out, the ACS web interface logs you out after 30 minutes of inactivity, and does not save any unsubmitted configuration data.

Understanding the Web Interface

The following sections explain the ACS web interface:

Web Interface Design

Header

Navigation Pane

Content Area

Web Interface Design

Figure 18-1 shows the overall design of the ACS web interface.

Figure 18-1 ACS Web Interface

The interface contains:

Header

Navigation Pane

Content Area

Header

Use the header to:

Identify the current user (your username)

Access the online help

Log out

Access the About information, where you can find information about which ACS web interface version is installed.

These items appear on the right side of the header (see Figure 18-2).

Figure 18-2 Header

Related Topics

Navigation Pane

Content Area

Navigation Pane

Use the navigation pane to navigate through the drawers of the web interface (see Figure 18-3).

Figure 18-3 Navigation Pane

Table 18-1 describes the function of each drawer.

Table 18-1 Navigation Pane Drawers  

Drawer
Function

My Workspace

Access the Task Guide and Welcome page with shortcuts to common tasks and links to more information. See Chapter 5, "Understanding My Workspace" for more information.

Network Resources

Configure network devices, AAA clients, and network device groups. See Chapter 6, "Managing Network Resources" for more information.

Users and Identity Stores

Configure internal users and identity stores. See Chapter 7, "Managing Users and Identity Stores" for more information.

Policy Elements

Configure policy conditions and results. See Chapter 8, "Managing Policy Elements" for more information.

Access Policies

Configure access policies. See Chapter 9, "Managing Access Policies" for more information.

Monitoring and Reports

View log messages. See Chapter 10, "Monitoring and Reporting" for more information.

System Administration

Administer and maintain your ACS. See Chapter 14, "Managing System Administrators" for more information.


To open a drawer, click it. A list of options for that drawer appears. You can view the contents of only one drawer at a time. When you open a drawer, any previously open drawer automatically closes. Click an option to view the hierarchy of items and the current configuration, and perform configuration tasks associated with that option in the content area. See Content Area for more information about the content area.

To hide the navigation pane and expand the content area, click the collapse arrow, which is centered vertically between the navigation pane and content area. Click the collapse arrow again to reveal the navigation pane.

The options listed beneath drawers in the navigation pane are organized in a tree structure, where appropriate. The options in the tree structure are dynamic and can change based on administrator actions. Creating, deleting, or renaming objects in the content area can change the option display in the navigation pane. For example, beneath the Network Resources > Network Device Groups option, there are two preconfigured network device groups (options)—Location and Device Type. Figure 18-4 shows that the administrator has used the Network Device Groups option page to create an additional network device group called Business, which appears in the tree structure in the navigation pane.

Figure 18-4 Navigation Pane—Dynamic Tree Structure

Related Topics

Header

Content Area

Content Area

Use the content area to view your current location in the interface, view your configuration, configure AAA services, and administer your ACS.

The content area can contain:

Web Interface Location

List Pages

Secondary Windows

Rule Table Pages

Web Interface Location

Your current location in the interface appears at the top of the content area. Figure 18-5 shows that the location is the Policy Elements drawer and the Network Devices and AAA Clients page. Using this location as an example, ACS documentation uses this convention to indicate interface locations—Policy Elements > Policy Conditions > Network Devices and AAA Clients > Location. The remainder of the content area shows the content of the chosen page.

The interface location also displays the action that you are configuring. For example, if you are in the Users and Identity Stores > Internal Identity Stores > Users page and you attempt to duplicate a specific user, the interface location is stated as:

Users and Identity Stores > Internal Identity Stores > Users > Duplicate: <user_name>, where <user_name> is the name of the user you chose to duplicate. ACS documentation also uses this convention.

List Pages

List pages contain a list of items (see Figure 18-5).

You can use list pages to delete one or more items from an option that you chose in the navigation pane.

Figure 18-5 List Page

Table 18-2 describes the content area buttons and fields that list pages have in common.

Table 18-2 Common Content Area Buttons and Fields for List Pages 

Button or Field
Description

Rows per page

Use the drop-down list to specify the number of items to display on this page. Options:

10—Up to 10.

25—Up to 25.

50—Up to 50.

100—Up to 100.

Go

Click to display the number of items you specify in the Rows per page field.

Check box or radio button

Chooses or does not choose items in a list, for edit, duplicate, or delete actions. Options:

Check (a check box) or click (a radio button)—Chooses an item.

Check the check box in the header row to choose all items in the list. Check the individual check boxes to choose specific items in the list.

Uncheck (a check box) or unclick (a radio button)—Does not choose an item.

List column

A tabular or hierarchical view of items associated with a specific configuration task. Figure 18-5 shows the list column as a list of configured network device names; the heading of this list column is Name.

Scroll bar

Use the content area scroll bar to view all the data in a page, if needed.

Create

Click to create a new item. A wizard or single page appears in the content area.

Note When you click Create, any selections that you made in the content area are ignored and the content area displays an Edit page with page-specific default values, if any.

Duplicate

Click to duplicate a selected item. A single page or a tabbed page appears in the content area.

Edit

Click to edit a selected item. A single page or a tabbed page appears in the content area.

Delete

Click to delete one or more selected items. A dialog box that queries Are you sure you want to delete item/items? appears for the item, or items, you chose to delete. The confirmation dialog box contains OK and Cancel. Click:

OK—Deletes the selected item or items. The list page appears without the deleted item.

Cancel—Cancels the delete operation. The list page appears with no changes.

Note You can only delete items that you can view on a page, including the content of a page that you can view by using the scroll bar. For tables that span more than one page, your selections of rows to delete for pages that you cannot view are ignored and those selections are not deleted.

Page <num> of n

Enter the number of the page you want to display in the content area of the list page, where <num> is the page you want to display, then click Go.

Note Not available for tree table pages.

Direction arrows

Click the arrows on the lower right side of the content area to access the first page, previous page, next page, or last page. The arrows are active when required.

Note Not available for tree table pages.


Tree table pages are a variation of list pages (see Figure 18-6). You can perform the same operations on tree table pages that you can on list pages, except for paging. In addition, with tree table pages:

A darker background color in a row indicates the top level of a tree.

If the first folder of a tree contains fewer than 50 items, the first folder is expanded and all others are collapsed. You must use the expanding icon (+) to view the contents of the collapsed folders.

If the first folder of a tree contains 50 or more items, all folders in the tree are collapsed. You must click the expanding icon (+) to view the contents of the folders.

If you check the check box for a folder (a parent), it chooses all children of that folder.

If you check the check box of a folder (a parent), and then uncheck any of the children, the parent folder is unchecked automatically.

Figure 18-6 Tree Table Page

Filtering

Large lists in a content area window or a secondary window (see Figure 18-9) can be difficult to navigate through and select the data that you want. You can use the web interface to filter data in these windows to reduce the data that appears in a list, based on criteria and conditions that you choose. Table 18-3 describes the filtering options.

Note Not all filtering options are available in all fields.

Table 18-3 Filtering in the Content Area Window and Secondary Windows 

Button or Field
Description

Filter (drop-down list box)

Select the name of the column from the drop-down list box on which to filter.

Match if (drop-down list box)

Select the condition you want to apply to your filter action:

Contains

Doesn't Contain

Ends With

Equals

Is Empty

Not Empty

Not Equals

Starts With

The condition is applied to the column you select in the Filter drop-down list box.

v (down arrow)

Click to add an additional filter row on which to choose conditions to narrow or expand your filter action. The text And: precedes the additional filter row.

^ (up arrow)

Click to remove an extraneous filter row.

Go

Click to execute your filter action.

Clear Filter

Click to clear any current filter options.

OK

Click to add the selected data to your configuration and close the secondary window.

Note This button is only available in secondary windows (see Figure 18-9).


Note For tree table pages, you can only perform filtering on a root node, the top-most parent.

Sorting

Most nontree list pages support sorting by the Name column or the Description column, when available. You can sort pages in an ascending or descending manner. For pages that do not have a Name or Description column, the sorting mechanism may be supported in the left-most column of the page, or the Description column. Place your cursor over a column heading to determine if sorting is available for a column. If sorting is available, the cursor turns into a hand and the text Click to sort appears.

When a table is sorted, the column heading text darkens and an up arrow or down arrow appears next to the text (see Figure 18-7). Click the arrow to resort in the opposing manner.

Figure 18-7 Sorting Example

Secondary Windows

The content area serves as the launching place for any secondary (popup) windows that you access by clicking Select (see Figure 18-8) from single, tabbed, or wizard pages. You use these secondary windows to filter and select data that you want to use in your configuration (see Figure 18-9 and Table 18-3).

You can select one or more items from a secondary window to include in your configuration, dependent upon the selection option—items listed in a secondary window with radio buttons allow you to select one item to include in your configuration and items listed with check boxes allow you to select multiple items.

Figure 18-8 Select Button—Accesses Secondary Windows

Figure 18-9 Secondary Window

In addition to selecting and filtering data, you can create a selectable object within a secondary window. For example, if you attempt to create a users internal identity store, and click Select to assign the store to an identity group (a selectable object), but the identity group you want to associate it with is not available for selection, you can click Create within the secondary window to create the object you want. After you have created the object and clicked Submit, the secondary window is refreshed with the newly created object, which you can then select for your configuration. In our example, you can select the newly created identity group to assign it to the users internal identity store.

Transfer Boxes

Transfer boxes are a common element in content area pages (see Figure 18-10). You use these boxes to select and remove items for use in your configuration and order them according to your needs. Figure 18-10 shows the transfer box options. Table 18-4 describes the transfer box options.

Figure 18-10 Transfer Box

Table 18-4 Transfer Box Fields and Buttons

Field or Button
Description

Available

List of available items for selection.

Selected

Ordered list of selected items.

Right arrow (>)

Click to move one selected item from the Available list to the Selected list.

Left arrow (<)

Click to move one selected item from the Selected list to the Available list.

Double right arrow (>>)

Click to move all items from the Available list to the Selected list.

Double left arrow (<<)

Click to move all items from the Selected list to the Available list.

Up arrow with above score

Click to move one selected item to the top of the ordered Selected items list.

Up arrow

Click to move one selected item up one position in the ordered Selected items list.

Down arrow

Click to move one selected item down one position in the ordered Selected items list.

Down arrow with underscore

Click to move one selected item to the bottom of the ordered Selected items list.


Schedule Boxes

Schedule boxes are a common element in content area pages (see Figure 18-10). You use them to select active times for a policy element from a grid, where each row represents a day of the week and each square in a row represents an hour in a day. Click one square to make one hour active. Table 18-5 describes the Schedule box options.

Figure 18-11 Schedule Box

Table 18-5 Schedule Box Fields and Buttons 

Field or Button
Description

Mon

A row that indicates Monday of every week of every year.

Tue

A row that indicates Tuesday of every week of every year.

Wed

A row that indicates Wednesday of every week of every year.

Thu

A row that indicates Thursday of every week of every year.

Fri

A row that indicates Friday of every week of every year.

Sat

A row that indicates Saturday of every week of every year.

Sun

A row that indicates Sunday of every week of every year.

0:00 to 24:00

Indicates the hours of a day in columns, where 0:00 = the hour that begins the second after midnight Eastern Standard Time (EST), and 24:00 = midnight to 1:00 a.m., in the time zone in which your ACS instance is located.

Square (of the grid)

Click one square to make one hour active.

Set All

Click to select all squares (hours).

Clear All

Click to deselect all squares (hours).

Undo All

Click to remove your most recent selections.


Rule Table Pages

Rule table pages display the rules that comprise policies. You can reorder rules within a rule table page and submit the policy that is associated with a table. You can access properties and customization pages from rule tables to configure your policies. For more information on specific rule table pages, and properties and customization pages, see Managing Access Policies.

Directly above the rule table are two display options:

Standard Policy—Click to display the standard policy rule table.

Exception Policy—Click to display the exception policy rule table, which takes precedence over the standard policy rule table content.

Table 18-6 describe the common options of standard and exception rule table pages:

Table 18-6 Rule Table Page Options  

Option
Description

#

The ordered column of rules within the rule table. You can renumber the rules by reordering, adding, or deleting rules and then clicking Save Changes to complete the renumbering. New rules are added to the end of the ordered column, so you must reorder them if you want to move a new rule to a different position within the ordered list.

Note You cannot reorder the default (catch-all) rule, which remains at the bottom of the rule table.

Check box

Click one or more check boxes to select associated rules on which to perform actions.

Status

(Display only.) Indicates the status of rules within the rule table. The status can be:

Enabled—Indicated by a green (or light colored) circle with a white check mark.

Disabled—Indicated by a red (or dark colored circle) with a white x.

Monitor-only—Indicated by a gray circle with a black i.

Name

A unique name for each rule (except the default, catch-all rule). Click a name to edit the associated rule. When you add a new rule, it is given a name in the format Rule-<num>, where <num> is the next available consecutive integer. You can edit the name to make it more descriptive. Cisco recommends that you name rules with concatenation of the rule name and the service and policy names.

Conditions

A variable number of condition types are listed, possibly in subcolumns, dependent upon the policy type.

Results

A variable number of result types are listed, possibly in subcolumns, dependent upon the policy type.

Hit Counts column

View the hits counts for rules, where hits indicate which policy rules are invoked.

Rules scroll bar

Use the scroll bar at the right of the rules rows to scroll up and down the rules list.

Conditions and results scroll bar

Use the scroll bar beneath the Conditions and Results columns to scroll left and right through the conditions and results information.

Default rule

Click to configure the catch-all rule. This option is not available for exception policy rule tables.

Customize

Click to open a secondary window where you can determine the set and order of conditions and results used by the rule table.

Hit Counts button

Click to open a secondary window where you can:

View when the hit counters were last reset or refreshed.

View the collection period.

Request a reset or refresh of the hit counts.

See Displaying Hit Counts, page 9-10 for more information.

Move to...

Use the ^ and v buttons to reorder selected rules within the rule table.

Save Changes

Click to submit your configuration changes.

Discard Changes

Click to discard your configuration changes prior to saving them.


Related Topic

ACS 5.0 Policy Model

Common Errors

You might encounter these common errors:

Concurrency Conflict Errors

Deletion Errors

System Failure Errors

Accessibility

Concurrency Conflict Errors

Concurrency conflict errors occur when more than one user tries to update the same object. When you click Submit and the web interface detects an error, a dialog box appears, with an error message and OK button. Read the error message, click OK, and resubmit your configuration, if needed.

Possible error messages, explanations, and recommended actions are: 

Error Message    The item you are trying to Submit has been modified elsewhere while 
you were making your changes.

Explanation    You accessed an item to perform an edit and began to configure it; simultaneously, another user accessed and successfully submitted a modification to it. Your submission attempt failed.

Recommended Action    Click OK to close the error message and display the content area list page. The page contains the latest version of all items. Resubmit your configuration, if needed. 

Error Message    The item you are trying to Submit has been deleted while you were making 
your changes.

Explanation    If you attempt to submit an edited item that another user simultaneously accessed and deleted, your submission attempt fails. This error message appears in a dialog box with an OK button.

Recommended Action    Click OK to close the error message and display the content area list page. The page contains the latest version of all items. The item that you tried to submit is not saved or visible. 

Error Message    The item you are trying to Duplicate from has been deleted.

Error Message    The item you are trying to Edit has been deleted.

Explanation    You attempted to duplicate or edit a selected item that another user deleted at the same time that you attempted to access it.

Recommended Action    Click OK to close the error message and display the content area list page. The page contains the latest version of all items. The item that you tried to duplicate or edit is not saved or visible. 

Error Message    The item you are trying to Submit is referencing items that do not 
exist anymore.

Explanation    You attempted to edit or duplicate an item that is referencing an item that another user deleted while you tried to submit your change.

Recommended Action    Click OK to close the error message and display the previous page, the Create page or the Edit page. Your attempted changes are not saved, nor do they appear in the page. 

Error Message    Import already in progress.

Explanation    You attempted to import a .csv file while a previous import is still in progress. The subsequent import will not succeed. The original import is not interrupted due to this error.

Recommended Action    Click OK to close the error message and display the previous page. Consult the Import Progress secondary window and wait for the Save Log button to become enabled. Save the log, then attempt to import your next .csv file.

Deletion Errors

Deletion errors occur when you attempt to delete an item (or items) that another item references. When you click Delete and an error is detected, a dialog box appears, with an error message and OK button. Read the error message, click OK, and perform the recommended action.

Possible error messages, explanations, and recommended actions are: 

Error Message    The item you are trying to Delete is referenced by other Items. You 
must remove all references to this item before it can be deleted.

Error Message    Some of the items you are trying to Delete are referenced by other 
Items. You must remove all references to the items before they can be deleted.

Explanation    If you attempt to delete one or more items that another item references, the system prevents the deletion.

Recommended Action    Click OK to close the error message and display the content area list page. Your deletion does not occur and the items remain visible in the page. Remove all references to the item or items you want to delete, then perform your deletion.

System Failure Errors

System failure errors occur when a system malfunction is detected. When a system failure error is detected, a dialog box appears, with an error message and OK button. Read the error message, click OK, and perform the recommended action.

Possible error messages, explanations, and recommended actions are: 

Error Message    The following System Failure occurred: <description>.

Where <description> describes the specific malfunction.

Explanation    You have attempted to make a configuration change and the system detected a failure at the same time.

Recommended Action    Click OK to close the error message and display the content area list page. Your changes are not saved. Investigate and troubleshoot the detected malfunction, if possible. 

Error Message    An unknown System Failure occurred.

Explanation    You tried to change the configuration and the system detected an unknown failure at the same time.

Recommended Action    Click OK to close the error message and display the content area list page. Investigate possible system failure causes, if possible.

Accessibility

The ACS 5.0 web interface contains accessibility features for users with vision impairment and mobility limitations.

This section contains the following topics:

Display and Readability Features

Keyboard and Mouse Features

Obtaining Additional Accessibility Information

Display and Readability Features

The ACS 5.0 web interface includes features that:

Increase the visibility of items on the computer screen.

Allow you to use screen reader software to interpret the web interface text and elements audibly.

The display and readability features include:

Useful text descriptions that convey information that appears as image maps and graphs.

Meaningful and consistent labels for tables, buttons, fields, and other web interface elements.

Label placement directly on, or physically near, the element to which they apply.

Color used as an enhancement of information only, not as the only indicator. For example, required fields are associated with a red asterisk.

Confirmation messages for important settings and actions.

User-controllable font, size, color, and contrast of the entire web interface.

Keyboard and Mouse Features

You can interact with the ACS 5.0 web interface by using the keyboard and the mouse to accomplish actions. The keyboard and mouse features include:

Keyboard accessible links to pages that display dynamic content.

Standard keyboard equivalents are available for all mouse actions.

Multiple simultaneous keystrokes are not required for any action.

Pressing a key for an extended period of time is not required for any action.

Backspace and deletion are available for correcting erroneous entries.

Obtaining Additional Accessibility Information

For more information, refer to the Cisco Accessibility Program:

E-mail: accessibility@cisco.com

Web: http://www.cisco.com/go/accessibility

Product Manager: Mark Basinski, mbasinsk@cisco.com, 1-408-527-7753