Filter
Top Products
9-13
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 9 Managing Policy Elements
Managing Policy Conditions
Note To configure a filter, at a minimum, you must enter filter criteria in at least one of the three tabs.
Step 5 Click Submit to save the changes.
Related Topics
• Managing Network Conditions, page 9-6
• Importing Network Conditions, page 9-8
• Creating, Duplicating, and Editing End Station Filters, page 9-9
• Creating, Duplicating, and Editing Device Port Filters, page 9-15
Defining IP Address-Based Device Filters
You can create, duplicate, and edit the IP addresses of network devices that you want to permit or deny
access to. To do this:
Step 1 From the IP Address tab, do one of the following:
• Click Create.
• Check the check box next to the IP-based device filter that you want to duplicate, then click
Duplicate.
• Check the check box next to the IP-based device filter that you want to edit, then click Edit.
A dialog box appears.
Step 2 Choose either of the following:
• Single IP Address—If you choose this option, you must enter a valid address, as follows:
–
IPv4 address in the format x.x.x.x, where x can be any number from 0 to 255.
–
IPv6 address in the format x:x:x:x:x:x:x:x, where x represents one to four hexadecimal digits of
the eight 16-bit pieces of the address. This can be either numbers from 0 to 9 or letters from A
to F.
• IP Range(s)—If you choose this option, you must enter a valid IPv4 or IPv6 address and subnet mask
to filter a range of IP addresses. By default, the subnet mask value for IPv4 is 32, and the IPv6 value
is 128.
Note IPv6 ranges are not supported in ACS 5.4.
Step 3 Click OK.
Related Topics
• Managing Network Conditions, page 9-6
• Creating, Duplicating, and Editing Device Filters, page 9-12
• Defining Name-Based Device Filters, page 9-14
• Defining NDG-Based Device Filters, page 9-14