Rule operators – Cisco 3.3 User Manual

Page 592

Advertising
background image

Chapter 14 Network Admission Control

NAC Policies

14-20

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

unsigned integer—The attribute can contain only an integer without a sign.
Valid operators are = (equal to), != (not equal to), > (greater than), < (less
than), <= (less than or equal to), and >= (greater than or equal to). Valid input
in rule elements is a whole number between 0 and 4294967295.

ipaddr—The attribute can contain an IPv4 address. Valid operators are =
(equal to), != (not equal to), and mask. Valid format in rule elements is dotted
decimal format. If the operator is mask, the format is the

mask

/

IP

. For more

information, see

Rule Operators, page 14-20

.

date—The attribute can contain a date. Valid operators are = (equal to), !=
(not equal to), > (greater than), < (less than), <= (less than or equal to), >=
(greater than or equal to), and days-since-last-update. Valid format in rule
elements:

mm

/

dd

/

yyyy

hh

:

mm

:

ss

version—The attribute can contain an application or data file version. Valid
operators are = (equal to), != (not equal to), > (greater than), < (less than), <=
(less than or equal to), and >= (greater than or equal to). Valid format in rule
elements:

n

.

n

.

n

.

n

where each n can be an integer from 0 to 65535.

octet-array—The attribute can contain data of arbitrary type and variable
length. Valid operators are = (equal to) and != (not equal to). Valid input in
rule elements is any hexadecimal number, such as 7E (the hexadecimal
equivalent of 126).

Rule Operators

When you construct a rule on the Rule Configuration page, Cisco Secure ACS
only allows you to select an operator that is applicable to the type of attribute you
select. For example, if you select the

Cisco:PA:PA-Name

attribute, Cisco Secure

ACS permits the use of the

contains

operator in addition to standard

mathematical operators; however, if you choose the Cisco:PA:OS-Version
attribute, Cisco Secure ACS only permits the use of mathematical operators. For
more information about attribute types, see

NAC Attribute Data Types,

page 14-19

.

Advertising
Popular Brands
Popular manuals