Support User Manuals

Cisco Systems 3.3 Server User Manual

Open as PDF

of 860

14-21

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 14 Network Admission Control

NAC Policies

The following are the operators that Cisco Secure ACS supports:

• = (equal to)—The rule element is true if the value contained in the attribute

is exactly equal to the value that you specify.

• != (not equal to)—The rule element is true if the value contained in the

attribute does not equal to the value that you specify.

Tip Using the != operator can lead to confusion, especially with boolean attributes.

For example, if a rule element for a boolean attribute requires that the attribute is

not equal to

false and the attribute in a specific posture validation request was 1,

Cisco Secure ACS would evaluate the rule element to be true. To avoid confusion,

you can express the rule element more clearly by requiring that the attribute is

equal to true.

• > (greater than)—The rule element is true if the value contained in the

attribute is greater than the value that you specify.

• < (less than)—The rule element is true if the value contained in the attribute

is less than the value that you specify.

• <= (less than or equal to)—The rule element is true if the value contained in

the attribute is less than or equal to the value that you specify.

• >= (greater than or equal to)—The rule element is true if the value

contained in the attribute is greater than or equal to the value that you specify.

• contains—The rule element is true if the attribute contains a string and if any

part of that string matches the string that you specify. For example, using the

contains operator and a value of

sc would match an attribute containing the

string

Cisco, the string scsi, or the string disc.

• starts-with—The rule element is true if the attribute contains a string and if

the beginning of that string matches the string that you specify. For example,

using the starts-with operator and a value of

Ci would match an attribute

containing the string

Cisco or the string Ciena.

• regular-expression—The rule element is true if the attribute contains a string

and if the string matches the regular expression that you specify. Cisco Secure

ACS supports the following regular expression operators:

–

^ (caret)—The ^ operator matches the start of a string. For example ^Ci

would match the string

Cisco or the string Ciena.

previous next