Cisco Systems 3.3 Server User Manual


  Open as PDF
of 860
 
Chapter 14 Network Admission Control
NAC Policies
14-20
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
unsigned integer—The attribute can contain only an integer without a sign.
Valid operators are = (equal to), != (not equal to), > (greater than), < (less
than), <= (less than or equal to), and >= (greater than or equal to). Valid input
in rule elements is a whole number between 0 and 4294967295.
ipaddr—The attribute can contain an IPv4 address. Valid operators are =
(equal to), != (not equal to), and mask. Valid format in rule elements is dotted
decimal format. If the operator is mask, the format is the
mask/IP. For more
information, see Rule Operators, page 14-20.
date—The attribute can contain a date. Valid operators are = (equal to), !=
(not equal to), > (greater than), < (less than), <= (less than or equal to), >=
(greater than or equal to), and days-since-last-update. Valid format in rule
elements:
mm
/dd/yyyy
hh
:mm:ss
version—The attribute can contain an application or data file version. Valid
operators are = (equal to), != (not equal to), > (greater than), < (less than), <=
(less than or equal to), and >= (greater than or equal to). Valid format in rule
elements:
n
.n.n.n
where each n can be an integer from 0 to 65535.
octet-array—The attribute can contain data of arbitrary type and variable
length. Valid operators are = (equal to) and != (not equal to). Valid input in
rule elements is any hexadecimal number, such as 7E (the hexadecimal
equivalent of 126).
Rule Operators
When you construct a rule on the Rule Configuration page, Cisco Secure ACS
only allows you to select an operator that is applicable to the type of attribute you
select. For example, if you select the
Cisco:PA:PA-Name attribute, Cisco Secure
ACS permits the use of the
contains operator in addition to standard
mathematical operators; however, if you choose the Cisco:PA:OS-Version
attribute, Cisco Secure ACS only permits the use of mathematical operators. For
more information about attribute types, see NAC Attribute Data Types,
page 14-19.
 previous next