index

A

access control lists (ACLs)

for services     2-12, 2-21
for SESM web portal applications     2-31
for users     2-12, 2-30
Access mode attribute     2-13, 2-16, C-2

ACCOUNT_MANAGER_ROLE     A-1

ACCOUNT_MANAGER_RULE     A-2

Account Enabled attribute     2-32, 2-38

account management     1-5

account managers     2-25, 2-41

address pools     2-18, 2-26, 2-33, 2-39

administrators

as CDAT users     2-25
description     1-6
logging in     2-3
privileges     2-41
Affected Roles attribute     2-50

Agent View     1-1

Allow Create Sub-Account attribute     2-9

applications

configuring remotely     1-1
monitoring memory     1-2
attributes

core schema     B-39
inherited values     2-9
policy schema     B-31
predefined     2-6
RADIUS     2-19, 2-20, 2-24, 2-30, 2-37
service profile     C-1
SPE schema extensions     B-1, B-13
vendor-specific     C-1
authentication

Cisco Security Policy Engine (SPE)     1-5
Service Selection Gateway (SSG)     2-11
authorization     1-5

autoConnect attribute     2-35, 2-41

Auto-logon attribute     2-35, 2-40

auto-logon services     2-35, 2-40

B

bandwidth policing     2-13

Block Inheritance attribute     2-32

browsers     2-3

bulk administration     2-2

bulk provisioning     1-8

buttons in CDAT     2-6

C

CDAT

See Cisco Distributed Administration Tool (CDAT)
cdat.jetty.xml file     2-10

cdat.xml file     2-10

Cisco_Azn_Super privilege     2-9, 2-46

CISCO_AZN keyword     2-50

Cisco_Dess_* privileges     2-46

Cisco AV pairs

for service groups     2-24
for services     2-20, C-3
for user groups     2-37
for users     2-30
CiscoAzn* attributes     B-1, B-13

CiscoAzn* classes     B-1

CiscoDESS* attributes     B-1, B-13

CiscoDESS* classes     B-1

Cisco Distributed Administration Tool (CDAT)

accessing objects     2-8
browsers     2-3
bulk administration     2-2
bulk provisioning     1-8
configuring     2-10
displaying objects     2-8
expert interface     1-9, 2-1, 2-5
learning about     1-9
logging in     2-3
management console     2-10
name space     2-8
navigating     2-5
overview     1-1, 1-4
RBAC examples     1-7
remote configuration     1-2
remote management     1-1
remote monitoring     1-2
sample data     2-4
Cisco Security Policy Engine (SPE)

learning about     1-9
predefined roles and rules     A-1
remote configuration     1-1
schema extensions     B-1
software     2-41
used with SESM and CDAT     1-3, 1-5
Cisco Subscriber Edge Services Manager (Cisco SESM)     1-3

See also SESM web applications     1-3
classes

core LDAP schema     B-37
core policy     B-24
for SPE schema extensions     B-1
concurrent access mode     2-13, 2-16, C-2

Condition attribute     2-50

conditions for rules     2-50

configuration, remote     1-1

configuration files     2-10, 2-11

connection groups     2-24

converting RADIUS profiles     1-8

cookies     2-3

core LDAP schema     B-37

core policy objects     B-24

Create Subaccount button     2-6

creating

NRPs     2-51
roles     2-41
rules     2-47
service groups     2-23
services     2-11
user groups     2-35
users     2-25
CREATOR_SUPERVISOR_ROLE     A-1

CREATOR_SUPERVISOR_RULE     A-2

Creator dynamic subject     2-45

D

Delete button     2-6

Depth box     2-5

DESS     A-1

DESS/AUTH

attributes     B-1, B-13
classes     B-1
description     1-5
installing schema extensions     1-9
learning about     1-9
schema extensions     B-1
destinations for services     C-2

directory servers     1-5

DNS Redirection     2-12

DNS servers

fault tolerance     2-12
for a service     2-17, C-2
domain names     2-12, 2-17, C-2

Domain names attribute     2-17, C-2

dynamic subjects     2-45

Dynamic Subjects attribute     2-45

E

Enable Single Sign-On attribute     2-9, 2-33, 2-39

enabling accounts     2-32, 2-38

encryption of passwords     2-9

expert interface     1-9, 2-5

exporting from an LDAP directory     1-8

G

group-level privileges     2-2

groups

service     1-6, 2-23
user     1-6, 2-2, 2-35

H

Help button     2-5

Hidden attribute     2-35, 2-41

Home URL attribute     2-9, 2-32, 2-38

I

Idle Timeout attribute     2-9, 2-13

idle timeouts     2-11, 2-22, 2-24, 2-31, 2-38, C-1

implied privileges     2-45

importing to an LDAP directory     1-8

inacl AV pair     2-30

inheritance

attributes and     2-9, 2-35
subaccount subscriptions     2-32
Install RBAC option     1-8, 2-3

ip local pool command     2-26

IP Pool Name attribute     2-18

K

Keywords attribute     2-50

keywords in rules     2-50

L

LDAP directories     1-5, 1-10, C-1

LDAP Directory Interchange Format (LDIF) files     2-4

ldapmodify command     1-8

LDAP schema

core     B-37
core policy     B-24
extensions     B-1
LDIF files     1-8, 2-4

Lightweight Directory Access Protocol (LDAP)     1-5

local address pools     2-18, 2-26, 2-33, 2-39

Local Generic RADIUS attributes     2-9, 2-37, 2-53

Local RADIUS attributes     2-24, 2-30

defining     2-6
logging into CDAT     2-3

Logout button     2-5

M

management console     2-10

Maximum Number of Sub-Accounts attribute     2-9, 2-32, 2-39

maxVariables attribute     2-10

memory

monitoring     1-2
memory metrics     1-2

MERIT RADIUS files     1-8

modes

concurrent access     C-2
sequential service     C-2
monitoring applications remotely     1-2

Mutually Exclusive Connection Group attribute     2-24

Mutually Exclusive Subscription Group attribute     2-24

N

names

objects     2-8
services     2-16
Next hop gateway attribute     2-12, 2-16, C-2

next-hop keys     2-16, 2-51

next-hop tables

creating     2-51, 2-52
defining entries     2-52
description     2-12
names     2-52
used by SSG     2-11
using to access services     2-51
Novell eDirectory

sample data     2-4
use with SESM     1-5
NRP objects     2-51

NRPs window     2-12, 2-52

O

objects

accessing     2-8
attributes     2-5
displaying     2-8
naming     2-8
occupants of a role     2-45

Operator attribute     2-50

operators for rule conditions     2-50

Organizational Units for predefined rules     A-2

Organizations for predefined rules     A-2

outacl AV pair     2-30

P

packet filtering     2-12

PARENT_MANAGE_ROLE     A-1

PARENT_MANAGE_RULE     A-2

Parent dynamic subject     2-45

passthrough services     2-11, 2-16, C-2

passwords     2-9

per-session policing     2-14

per-user policing     2-14

policy* attributes     B-24, B-31

policy* classes     B-24

Pool name attribute     2-9, 2-33, 2-39, C-3

predefined attributes     2-6

predefined roles     1-9, 2-41, A-1

predefined rules     1-9, 2-48, A-2

Primary DNS servers attribute     C-2

Primary Service attribute     2-9, 2-33, 2-39

primary services

examples     2-26
for subscriber groups     2-39
for subscribers     2-25, 2-33
IP pool name     2-18
privileges

accessing objects     2-8
administrator     2-3
Cisco_Azn_Super     2-46
Cisco_Dess_*     2-46
displaying objects     2-8
implied     2-45
specifying in roles     2-41, 2-45
subscriber     2-42
user groups     2-35
Privileges attribute     2-45

provisioning of subscribers     2-2

proxy services     2-11, 2-16, 2-18, C-2

Public dynamic subject     2-45

PUBLISHER_ROLE     A-1

PUBLISHER_RULE     A-2

publishers     2-25, 2-41

Q

Q attribute     2-14

Quality of Service (QoS)     2-14

queryMaxResults attribute     2-10

queryTimeout attribute     2-10

R

RADIUS

attributes     1-4, 2-40
attributes for service groups     2-24
attributes for services     2-19
attributes for TCP redirection     2-33
attributes for user groups     2-37
attributes for users     2-30
defining attributes     2-6
dynamically defined attributes     2-8
predefined attributes     2-6
profiles     1-8
proxy services     C-2
server attributes     2-18, C-2
service profiles     C-1
TCP redirection attributes     2-40
RADIUS Data Proxy (RDP) server

configuration attributes     2-10
monitoring remotely     1-2
next-hop table password     2-51
service-profile translations     1-10, C-1
RBAC

See Role Based Access Control (RBAC)
RDP

See RADIUS Data Proxy (RDP) server
rdp.xml file     2-51

remote configuration     1-1

remote managing     1-1

remote monitoring     1-2

Reset button     2-6

resources

administrative access     2-8
description     1-6
examples     1-7
specifying in a rule     2-50
user groups     2-35
Resources attribute     2-50

Retrieve button     2-5

Role Based Access Control (RBAC)

CDAT example     1-7
learning about     1-10
overview     1-3, 1-5
terminology     1-6
roles

affected with rules     2-50
creating     2-2, 2-41
description     1-6
examples     1-7, 2-41
occupants     2-45
predefined     1-9, A-1
user groups     2-37
Roles window     2-43

routes for services     C-2

rules

creating     2-2, 2-47
description     1-6
examples     1-7
predefined     1-9, A-2
Rules window     2-48

S

sample data for CDAT     2-4

schema

core     B-37
core policy     B-24
extensions     B-1
schema extensions     B-1

scope of subscriptions     2-34, 2-40

Secondary DNS servers attribute     C-2

SELF_MANAGE_ROLE     2-42, A-1

SELF_MANAGE_RULE     2-42, A-2

SELF_SERVICE_ROLE     A-1

SELF_SERVICE_RULE     A-2

self-care     2-42

Self dynamic subject     2-45

sequential access mode     2-13, 2-16, C-2

service access order     2-12

Service class attribute     2-16

service classes     2-11, C-2

service filters     2-33, 2-39

Service Filters attribute     2-9, 2-33, 2-39

service groups

creating     2-23
description     1-6
idle timeouts     2-24
mutually-exclusive connection     2-24
mutually-exclusive subscription     2-24
rule associations     2-25
specifying other service groups     2-23
specifying services     2-19
Service Groups window     2-23

service profiles

description     1-4
RDP translation     C-1
Service Route attribute     2-12

Service routes attribute     2-17, C-2

services

access modes     2-16
ACLs     2-12
address pools     2-18
Cisco AV pairs     2-20
classes     2-16
concurrent access     2-13
creating     2-2, 2-11, 2-12, 2-14
description     1-6
description used by SESM web application     2-16
destinations     C-2
DNS redirection     2-12
domain names     2-17
idle timeouts     2-13, 2-22
names     2-16
next-hop tables     2-12, 2-16, 2-51
passthrough     2-11, 2-16, C-2
primary DNS servers     2-17
proxy     2-11, 2-16, 2-18, C-2
routes     2-17
rule associations     2-22
secondary DNS servers     2-17
sequential access     2-13
session timeouts     2-13, 2-22, 2-25
subscriptions     2-34, 2-40
tunnel     2-11, 2-16, C-2
types     2-17, C-1
URLs     2-17
Service Selection Gateway (SSG)

configuring     1-9
configuring services     2-1
creating services     2-11
service-profile translation     C-1
use with SESM     1-4, 2-11
Services window     2-14

Service type attribute     2-17

Service URL attribute     2-17, C-2

SESM web applications

description     1-3
monitoring remotely     1-2
service descriptions     2-16
service names     2-16
Session Timeout attribute     2-9, 2-13

sessionTimeout attribute     2-10

session timeouts     2-11, 2-22, 2-25, 2-31, 2-38, C-1

single sign-on     2-33

SSG Hierarchical Policing     2-13

ssg next-hop command     2-51

Starts with box     2-5

State attribute     2-50

subaccounts

creating     2-6
maximum number     2-32, 2-39
passwords     2-9
privileges     2-42, 2-43
role determination     2-41
unlimited     2-32, 2-39
Subjects attribute     2-45

Subscribe attribute     2-34, 2-40

SUBSCRIBER_ROLE     A-1

SUBSCRIBER_RULE     A-2

subscriber profiles     1-4

subscribers

bulk provisioning     1-8
creating     2-25
description     1-6, 2-41
enabled accounts     2-32, 2-38
PPP primary service     2-26
privileges for     2-42
subaccounts     2-27
subscription groups     2-24

subscriptions     2-34, 2-40

SunONE iPlanet Directory Server

sample data     2-4
use with SESM     1-5
SUPERVISOR_ROLE     A-1

SUPERVISOR_RULE     A-2

T

TCP Redirection attributes     2-9, 2-33, 2-40

timeouts     2-11, C-1

tunnel services

attributes     2-18, C-3
creating     2-16
description     2-11
identifiers     2-19
IP addresses     2-19
passwords     2-19
service-profile translation     C-2

U

Unlimited Sub-Accounts attribute     2-32, 2-39

Update button     2-6

URLs

home for subscriber     2-32, 2-38
service     2-17
user groups

access to resources     2-35
address pools     2-39
creating     2-2, 2-25, 2-35
description     1-6
enabled accounts     2-38
examples     1-7
idle timeouts     2-38
primary services     2-39
service filters     2-39
session timeouts     2-38
specifying users     2-31
TCP redirection     2-40
User Groups window     2-35

User Information attributes     2-29

users

ACLs     2-12, 2-30
address pools     2-33
creating     2-2, 2-25
description     1-6
examples     1-7, 2-25
home URLs     2-32, 2-38
idle timeouts     2-13, 2-31
information attributes     2-29
names for logging into CDAT     2-3
non-PPP connections     2-31
passwords     2-9
primary services     2-33
role determination     2-41
service filters     2-33
session timeouts     2-13, 2-31
single sign-on     2-33, 2-39
TCP redirection     2-33
Users window     2-27

V

Value attribute     2-50

values for rule conditions     2-50

Variable attribute     2-50

variables for rule conditions     2-50

vendor-specific attributes (VSAs)

in service profiles     C-1
predefined     2-6

W

web applications     1-3

X

X.500 user schema     2-29


Posted: Mon Dec 16 08:38:30 PST 2002
All contents are Copyright © 1992-2002 Cisco Systems, Inc. All rights reserved.