Filter
Top Products
9-16
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 9 Managing Policy Elements
Managing Policy Conditions
• Check the check box next to the IP-based device port filter that you want to duplicate, then click
Duplicate.
• Check the check box next to the IP-based device port filter that you want to edit, then click Edit.
A dialog box appears.
Step 2 Choose either of the following:
• Single IP Address—If you choose this option, you must enter a valid address, as follows:
–
IPv4 address in the format x.x.x.x, where x can be any number from 0 to 255.
–
IPv6 address in the format x:x:x:x:x:x:x:x, where x represents one to four hexadecimal digits of
the eight 16-bit pieces of the address. This can be either numbers from 0 to 9 or letters from A
to F.
• IP Range(s)—If you choose this option, you must enter a valid IPv4 or IPv6 address and subnet mask
to filter a range of IP addresses. By default, the subnet mask value for IPv4 is 32, and the IPv6 value
is 128.
Note IPv6 ranges are not supported in ACS 5.4.
Step 3 Check the Port check box and enter the port number. This field is of type string and can contain numbers
or characters. You can use the following wildcard characters:
• ?—match a single character
• *—match a set of characters
For example, the string “p*1*” would match any word that starts with the letter “p” and contains the
number 1, such as port1, port15, and so on.
Step 4 Click OK.
Related Topics
• Managing Network Conditions, page 9-6
• Creating, Duplicating, and Editing Device Port Filters, page 9-15
• Defining Name-Based Device Port Filters, page 9-16
• Defining NDG-Based Device Port Filters, page 9-17
Defining Name-Based Device Port Filters
You can create, duplicate, and edit the name of the network device and the port to which you want to
permit or deny access. To do this:
Step 1 From the Device Name tab, do one of the following:
• Click Create.
• Check the check box next to the name-based device port filter that you want to duplicate, then click
Duplicate.
• Check the check box next to the name-based device port filter that you want to edit, then click Edit.
A dialog box appears.
Step 2 Click Select to choose the network device that you want to filter.