Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 5: Set Up Shared Profile Components
Figure 9-11 Edit Network Access Filtering Page
Step 4 In the Name text box, enter a name for the network access filter.
Step 5 Move any devices or device groups to the Selected Items list.
To move a device or device group, select the item to move and then click the right arrow button to move it to the Selected Items list.
Step 6 Click Submit.
Configure Downloadable IP ACLs
Downloadable IP Access Control Lists (dACLs) are access lists that can be downloaded to enforce the network authorization of a host. Downloadable ACLs dynamically download Layer 3 and Layer 4 access control entries (ACEs) to a router or to a VPN concentrator, and merge them with the default interface ACL.
In ACS 4.2, you can download access lists to specific devices or device groups.
You can define an access list that contains one or more dACLs and later download the list to network
devices, based on their assignments to user groups. Before you define dACLs, enable dACLs.
Each Assessment Result (system posture token), according to its definition, should have its own ACL, which contains one or more Access Control Entries (ACEs) that will instruct the NAC network device (router) to block packets from going to a specific destination or allow packets to reach a specific destination.
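The following is an added example, not taken from the Cisco guide: a Python review script that checks a planned token-to-dACL mapping before it is entered in ACS, flagging tokens with no ACL, tokens that share an ACL, and restrictive tokens that allow all traffic. The token names, ACL names, 192.0.2.x addresses and the `audit` helper are assumptions made for illustration.

```python
import re

# Constructed sample plan: posture token -> (dACL name, ACE lines).
# Token names, ACL names and 192.0.2.x addresses are assumed, not from the guide.
DACLS = {
    "Healthy": ("NAC_Healthy_ACL", ["permit ip any any"]),
    "Quarantine": ("NAC_Quarantine_ACL", [
        "permit udp any host 192.0.2.53 eq 53",   # DNS server (assumed)
        "permit tcp any host 192.0.2.10 eq 443",  # remediation server (assumed)
        "deny ip any any",
    ]),
    # Deliberately misconfigured entry so the audit has something to report.
    "Infected": ("NAC_Quarantine_ACL", ["permit ip any any"]),
}

# Tokens that should never receive an unrestricted ACL (assumed policy).
RESTRICTED = {"Quarantine", "Infected", "Unknown"}

# Narrow subset of ACE syntax used in this example: source is always "any",
# destination is "any" or a single host, with an optional "eq <port>".
ACE_RE = re.compile(
    r"^(permit|deny)\s+(ip|tcp|udp|icmp)\s+any\s+"
    r"(any|host\s+\d{1,3}(?:\.\d{1,3}){3})(?:\s+eq\s+\d{1,5})?$"
)

def audit(dacls, required_tokens):
    """Return a list of findings for a token-to-dACL plan."""
    findings = []
    for token in required_tokens:
        if token not in dacls:
            findings.append(f"{token}: no dACL assigned")
    seen = {}  # dACL name -> first token that used it
    for token, (name, aces) in dacls.items():
        if name in seen:
            findings.append(f"{token}: shares {name} with {seen[name]}")
        seen.setdefault(name, token)
        for ace in aces:
            if not ACE_RE.match(ace):
                findings.append(f"{token}: unparsed ACE {ace!r}")
        if token in RESTRICTED and "permit ip any any" in aces:
            findings.append(f"{token}: unrestricted 'permit ip any any'")
    return findings

if __name__ == "__main__":
    for line in audit(DACLS, ["Healthy", "Quarantine", "Infected", "Unknown"]):
        print(line)
```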