Cisco Systems 3.3 Server User Manual


 
Chapter6 User Group Management
Basic User Group Settings
6-10
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Step 4 To define and apply a NAR, for this particular user group, that permits or denies
access to this group based on IP address, or IP address and port, follow these
steps:
Tip You should define most NARs from within the Shared Components
section so that the restrictions can be applied to more than one group or
user. For more information, see Adding a Shared Network Access
Restriction, page 5-19.
a. In the Per Group Defined Network Access Restrictions section of the
Network Access Restrictions table, select the Define IP-based access
restrictions check box.
b. To specify whether the subsequent listing specifies permitted or denied IP
addresses, from the Table Defines list, select either Permitted Calling/Point
of Access Locations or Denied Calling/Point of Access Locations.
c. Select or enter the information in the following boxes:
AAA Client—Select either All AAA Clients or the name of the NDG or
the name of the individual AAA client to which to permit or deny access.
Port—Type the number of the port to which to permit or deny access.
You can use the wildcard asterisk (*) to permit or deny access to all ports
on the selected AAA client.
Address—Type the IP address or addresses to filter on when performing
access restrictions. You can use the wildcard asterisk (*).
Note The total number of characters in the AAA Client list and the Port and
Src IP Address boxes must not exceed 1024. Although Cisco Secure
ACS accepts more than 1024 characters when you add a NAR, you
cannot edit the NAR and Cisco Secure ACS cannot accurately apply
it to users.
d. Click Enter.
The specified the AAA client, port, and address information appears in the
NAR Access Control list.