Filter
Top Products
9-10
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 9 Managing Policy Elements
Managing Policy Conditions
Note To configure a filter, at a minimum, you must enter filter criteria in at least one of the three tabs.
Step 5 Click Submit to save the changes.
Related Topics
• Managing Network Conditions, page 9-6
• Importing Network Conditions, page 9-8
• Creating, Duplicating, and Editing Device Filters, page 9-12
• Creating, Duplicating, and Editing Device Port Filters, page 9-15
Defining IP Address-Based End Station Filters
You can create, duplicate, and edit the IP addresses of end stations that you want to permit or deny access
to. To do this:
Step 1 From the IP Address tab, do one of the following:
• Click Create.
• Check the check box next to the IP-based end station filter that you want to duplicate, then click
Duplicate.
• Check the check box next to the IP-based end station filter that you want to edit, then click Edit.
A dialog box appears.
Step 2 Choose either of the following:
• Single IP Address—If you choose this option, you must enter a valid address, as follows:
–
IPv4 address in the format x.x.x.x, where x can be any number from 0 to 255.
–
IPv6 address in the format x:x:x:x:x:x:x:x, where x represents one to four hexadecimal digits of
the eight 16-bit pieces of the address. This can be either numbers from 0 to 9 or letters from A
to F.
• IP Range(s)—If you choose this option, you must enter a valid IPv4 address and subnet mask to filter
a range of IP addresses. By default, the subnet mask value for IPv4 is 32, and the IPv6 value is 128.
Note IPv6 ranges are not supported in ACS 5.4.
Note IPv6 addresses are supported only in TACACS+ protocols.
Step 3 Click OK.
Related Topics
• Managing Network Conditions, page 9-6
• Creating, Duplicating, and Editing End Station Filters, page 9-9