Configuration Guide for Cisco Secure ACS 4.2
Chapter 4 Using RDBMS Synchronization to Create dACLs and Specify Network Configuration
• Remote Invocation of the CSDBSync Service on the ACS Solution Engine—With ACS 4.2, you
can run the CSDBSync service on a remote ACS SE, over an SSH connection.
Using RDBMS Synchronization to Configure dACLs
With ACS 4.2, you can use RDBMS Synchronization to set up downloadable ACLs (dACLs) and associate
them with specified Users or Groups.
To configure dACLs by using RDBMS Synchronization:
Step 1 Enable RDBMS Synchronization and dACLs.
Step 2 Create a text file to define the dACLs.
Step 3 Code an accountActions CSV file to create the dACL, and associate a User or Group with the dACL.
Step 4 Configure RDBMS Synchronization to use a local CSV file.
Step 5 Perform RDBMS Synchronization in one of two ways:
• From the ACS GUI.
• By running the csdbsync -syncnow command from the Windows command shell or in an SSH
connection with a remote ACS SE.
Step 6 View the dACL.
Step 1: Enable dACLs
To enable dACLs:
Step 1 In the Navigation Bar, click Interface Configuration.
Step 2 Click Advanced Options.
The Advanced Options page opens.
Step 3 Check the User-Level Downloadable ACLs check box.
Step 4 Check the Group-Level Downloadable ACLs check box.
This enables assigning a dACL to a Group Name.
Step 5 Check the RDBMS Synchronization check box.
Step 6 Click Submit.
Step 2: Create a Text File to Define the dACLs
To create a text file to define dACLs:
Step 1 Use a text editor of your choice, for example Notepad, to create a text file.