Cisco 3.3 User Manual

Page 198

Advertising
background image

Chapter 6 User Group Management

Basic User Group Settings

6-8

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Step 5

To continue specifying other group settings, perform other procedures in this
chapter, as applicable.

Setting Network Access Restrictions for a User Group

The Network Access Restrictions table in Group Setup enables you to apply
network access restrictions (NARs) in three distinct ways:

Apply existing shared NARs by name.

Define IP-based group access restrictions to permit or deny access to a
specified AAA client or to specified ports on a AAA client when an IP
connection has been established.

Define CLI/DNIS-based group NARs to permit or deny access to either, or
both, the calling line ID (CLI) number or the Dialed Number Identification
Service (DNIS) number used.

Note

You can also use the CLI/DNIS-based access restrictions area to
specify other values. For more information, see

About Network

Access Restrictions, page 5-15

.

Typically, you define (shared) NARs from within the Shared Components section
so that these restrictions can be applied to more than one group or user. For more
information, see

Adding a Shared Network Access Restriction, page 5-19

. You

must have enabled the Group-Level Shared Network Access Restriction check
box on the Advanced Options page of the Interface Configuration section for
these options to appear in the Cisco Secure ACS HTML interface.

However, Cisco Secure ACS also enables you to define and apply a NAR for a
single group from within the Group Setup section. You must have enabled the
Group-Level Network Access Restriction setting under the Advanced Options
page of the Interface Configuration section for single group IP-based filter options
and single group CLI/DNIS-based filter options to appear in the Cisco Secure
ACS HTML interface.

Advertising