About network access restrictions – Cisco 3.3 User Manual


User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 5 Shared Profile Components

Network Access Restrictions

This section contains the following topics:

About Network Access Restrictions, page 5-15

Adding a Shared Network Access Restriction, page 5-19

Editing a Shared Network Access Restriction, page 5-23

Deleting a Shared Network Access Restriction, page 5-24

About Network Access Restrictions

A NAR is a definition, which you make in Cisco Secure ACS, of additional
conditions that must be met before a user can access the network. Cisco Secure
ACS applies these conditions using information from attributes sent by your AAA
clients. Although there are several ways you can set up NARs, they all are based
on matching attribute information sent by a AAA client. Therefore, you must
understand the format and content of the attributes your AAA clients send if you
want to employ effective NARs.

In setting up a NAR you can choose whether the filter operates positively or
negatively. That is, in the NAR you specify whether to permit or deny network
access, based on comparison of information sent from AAA clients to the
information stored in the NAR. However, if a NAR does not encounter sufficient
information to operate, it defaults to denied access. This is shown in Table 5-1.

Cisco Secure ACS supports two types of NAR filters:

IP-based filters—IP-based NAR filters limit access based upon the IP
addresses of the end-user client and the AAA client. For more information on
this type of NAR filter, see About IP-based NAR Filters, page 5-17.

Non-IP-based filters—Non-IP-based NAR filters limit access based upon
simple string comparison of a value sent from the AAA client. The value may
be the calling line ID (CLI) number, the Dialed Number Identification
Service (DNIS) number, the MAC address, or other value originating from

Table 5-1  NAR Permit/Deny Conditions

          IP-Based         Non-IP Based     Insufficient Information
Permit    Access Granted   Access Denied    Access Denied
Deny      Access Denied    Access Granted   Access Denied
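The permit/deny choice and the default to denied access described above can be modelled as follows. This is an added example, not Cisco Secure ACS code: the request keys `aaa_client` and `caller`, the CIDR form of an IP pattern, the handling of a non-IP value by an IP-based filter, and the treatment of a non-matching request as the inverse of the NAR's action are all assumptions. Of Table 5-1 it reproduces only the Insufficient Information column.

```python
import ipaddress
from dataclasses import dataclass

GRANTED, DENIED = "Access Granted", "Access Denied"


@dataclass(frozen=True)
class Nar:
    action: str      # "permit" or "deny": how a matching request is treated
    kind: str        # "ip" or "non-ip"
    aaa_client: str  # IP address of the AAA client the filter covers
    pattern: str     # CIDR network ("ip") or exact string ("non-ip")


def evaluate(nar, request):
    """Decide one access request against one NAR.

    request is a dict with the hypothetical keys "aaa_client" and
    "caller" (the end-user value reported by the AAA client).
    """
    caller = request.get("caller")
    if not caller or not request.get("aaa_client"):
        return DENIED                  # insufficient information: deny
    if nar.kind == "ip":
        try:
            addr = ipaddress.ip_address(caller)
        except ValueError:
            return DENIED              # assumption: non-IP value, filter cannot operate
        hit = addr in ipaddress.ip_network(nar.pattern)
    else:
        hit = caller == nar.pattern    # simple string comparison
    hit = hit and request["aaa_client"] == nar.aaa_client
    # Assumption: a request that does not match gets the inverse of the action.
    granted = hit if nar.action == "permit" else not hit
    return GRANTED if granted else DENIED


# Constructed sample requests (documentation address ranges, made-up numbers).
REQUESTS = [
    {"aaa_client": "192.0.2.1", "caller": "198.51.100.25"},
    {"aaa_client": "192.0.2.1", "caller": "5551234"},
    {"aaa_client": "192.0.2.1"},       # AAA client sent no caller value
]

if __name__ == "__main__":
    permit_ip = Nar("permit", "ip", "192.0.2.1", "198.51.100.0/24")
    deny_ip = Nar("deny", "ip", "192.0.2.1", "198.51.100.0/24")
    for req in REQUESTS:
        print(req, "| permit:", evaluate(permit_ip, req), "| deny:", evaluate(deny_ip, req))
```

In this model a deny-type NAR still refuses a request that lacks the attribute it compares, so a AAA client that omits the attribute cannot turn a deny filter into a grant.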
