Cisco Systems Servers Server User Manual


  Open as PDF
of 654
 
6-9
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 6 Setting Up and Managing User Groups
Common User Group Settings
Step 4 To define and apply a NAR, for this particular user group, that permits or denies
this groups access based on IP address, or IP address and port, follow these steps:
Tip You should define most NARs from within the Shared Components section so
that the restrictions can be applied to more than one group or user. For more
information, see the Shared Network Access Restrictions Configuration
section on page 5-7.
a. In the Network Access Restrictions table, select the Define IP-based access
restrictions check box.
b. To specify whether the subsequent listing specifies permitted or denied IP
addresses, from the Table Defines list, select either Permitted Calling/Point
of Access Locations or Denied Calling/Point of Access Locations.
c. Select or enter the information in the following boxes:
AAA ClientSelect either All AAA Clients or the name of the NDG or
the name of the individual AAA client to which to permit or deny access.
PortType the number of the port to which to permit or deny access.
You can use the wildcard asterisk (*) to permit or deny access to all ports
on the selected AAA client.
AddressType the IP address or addresses to filter on when performing
access restrictions. You can use the wildcard asterisk (*).
d. Click Enter.
Result: The specified the AAA client, port, and address information appears
in the NAR Access Control list.
Step 5 To permit or deny this user groups access based on calling location or values
other than an established IP address, follow these steps:
a. Select the Define CLI/DNIS-based access restrictions check box.
b. To specify whether the subsequent listing specifies permitted or denied
values, from the Table Defines list, select one of the following:
Permitted Calling/Point of Access Locations
Denied Calling/Point of Access Locations
c. From the AAA Client list, select either All AAA Clients or the name of the
NDG or the name of the particular AAA client to which to permit or deny
access.
 previous next