Rule configuration options – Cisco 3.3 User Manual

Page 596

Advertising
background image

Chapter 14 Network Admission Control

NAC Policies

14-24

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Note

Under Default Rule, the meanings of the Result Credential Type list,
Token list, and Action box are identical to the options of the same
name in the Configurable Rules table, except that the default rule is
automatically true, provided that no rule in the Configurable Rules
table is true.

Rule Configuration Options

On the Rule Configuration page you can specify the rule elements that make up a
rule. For more information about rules, see

About Rules, Rule Elements, and

Attributes, page 14-19

.

The options for configuring a rule are as follows:

Rule Elements Table—Lists the rule elements that make up the rule. The
information displayed in Attribute, Operator, and Value columns for each rule
element reflect the settings specified when the rule element was created. For
details about the meaning of each column, see the corresponding option
description below.

The Rule Elements Table is limited to displaying 27 characters in the
Attribute column and 11 characters in the Value column.

Remove button—Removes the selected rule element from the Rule Elements
Table and sets the Attribute, Operator, and Value options to the values in the
corresponding columns of the removed rule element. You can also
double-click a rule element to remove it from the table.

Tip

The Remove button enables you to edit a rule element previously added to the
table. After you select the rule and click remove, you can change the Attribute,
Operator, and Value options (described below) and then click enter to return the
edited rule to the Rule Elements Table.

Attribute—Lists all posture validation attributes that you can use to specify
rules. The attributes listed are only those that can be received from a NAC
client. Attributes that can only be sent, such as
Cisco:PA:System-Posture-Token, cannot be used in a rule and thus never

Advertising