Cisco 3.3 User Manual

Page 593

Advertising
background image

14-21

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 14 Network Admission Control

NAC Policies

The following are the operators that Cisco Secure ACS supports:

= (equal to)—The rule element is true if the value contained in the attribute
is exactly equal to the value that you specify.

!= (not equal to)—The rule element is true if the value contained in the
attribute does not equal to the value that you specify.

Tip

Using the != operator can lead to confusion, especially with boolean attributes.
For example, if a rule element for a boolean attribute requires that the attribute is
not equal to

false

and the attribute in a specific posture validation request was 1,

Cisco Secure ACS would evaluate the rule element to be true. To avoid confusion,
you can express the rule element more clearly by requiring that the attribute is
equal to

true

.

> (greater than)—The rule element is true if the value contained in the
attribute is greater than the value that you specify.

< (less than)—The rule element is true if the value contained in the attribute
is less than the value that you specify.

<= (less than or equal to)—The rule element is true if the value contained in
the attribute is less than or equal to the value that you specify.

>= (greater than or equal to)—The rule element is true if the value
contained in the attribute is greater than or equal to the value that you specify.

contains—The rule element is true if the attribute contains a string and if any
part of that string matches the string that you specify. For example, using the
contains operator and a value of

sc

would match an attribute containing the

string

Cisco

, the string

scsi

, or the string

disc

.

starts-with—The rule element is true if the attribute contains a string and if
the beginning of that string matches the string that you specify. For example,
using the starts-with operator and a value of

Ci

would match an attribute

containing the string

Cisco

or the string

Ciena

.

regular-expression—The rule element is true if the attribute contains a string
and if the string matches the regular expression that you specify. Cisco Secure
ACS supports the following regular expression operators:

^ (caret)—The ^ operator matches the start of a string. For example

^Ci

would match the string

Cisco

or the string

Ciena

.

Advertising
Popular Brands
Popular manuals