Network access filters, About network access filters, Network – Cisco 3.3 User Manual


Chapter 5 Shared Profile Components

Network Access Filters

5-2

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

named shared profile components (downloadable IP ACLs, NAFs, NARs, and
command authorization sets) makes it unnecessary to repeatedly enter long lists
of devices or commands when defining network access parameters.

Network Access Filters

This section describes NAFs and provides instructions for creating and managing
them.

This section contains the following topics:

About Network Access Filters, page 5-2

Adding a Network Access Filter, page 5-3

Editing a Network Access Filter, page 5-5

Deleting a Network Access Filter, page 5-7

About Network Access Filters

A NAF is a named group of any combination of one or more of the following
network elements:

IP addresses

AAA clients (network devices)

Network device groups (NDGs)

Using a NAF to specify a downloadable IP ACL or NAR—based on the AAA
clients by which the user may access the network—saves you the effort of listing
each AAA client explicitly.

NAFs in downloadable IP ACLs—You can associate a NAF with specific
ACL contents. A downloadable IP ACL consists of one or more ACL contents
(sets of ACL definitions) that are associated with either a single NAF or, by
default, “All-AAA-Clients”. This pairing of ACL content with a NAF permits
Cisco Secure ACS to determine which ACL content is downloaded according
to the IP address of the AAA client making the access request. For more
information on using NAFs in downloadable IP ACLs, see About Downloadable IP ACLs, page 5-8.
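The selection described above can be modelled as follows. This is an added example, not code from Cisco Secure ACS or from the guide; all device names, addresses, NAF names and ACL lines are constructed sample data. It assumes that ACL contents are evaluated in listed order with the first matching NAF winning, and that IP entries are written in CIDR form.

```python
import ipaddress

# Constructed inventory: AAA client name -> IP, and NDG name -> member clients.
AAA_CLIENTS = {"vpn-gw-1": "10.1.1.10", "edge-fw-1": "10.2.2.20", "lab-sw-1": "192.168.50.5"}
NDGS = {"Branch-Firewalls": ["edge-fw-1"]}

# Constructed NAFs: each may mix IP addresses, AAA clients and NDGs.
NAFS = {
    "VPN-Concentrators": {"ips": ["10.1.1.0/24"], "clients": [], "ndgs": []},
    "Firewalls": {"ips": [], "clients": [], "ndgs": ["Branch-Firewalls"]},
}

# One downloadable IP ACL: (ACL content name, associated NAF, ACL definitions).
ACL_CONTENTS = [
    ("vpn-users", "VPN-Concentrators", ["permit tcp any host 10.10.0.5 eq 443", "deny ip any any"]),
    ("fw-users", "Firewalls", ["permit ip any 10.20.0.0 0.0.255.255"]),
    ("default", "All-AAA-Clients", ["deny ip any any"]),
]

def naf_networks(naf_name):
    """Expand a NAF (IPs, AAA clients, NDG members) into IP networks."""
    naf = NAFS[naf_name]
    clients = list(naf["clients"])
    for ndg in naf["ndgs"]:
        clients.extend(NDGS[ndg])
    nets = [ipaddress.ip_network(n) for n in naf["ips"]]
    nets += [ipaddress.ip_network(AAA_CLIENTS[c]) for c in clients]
    return nets

def naf_matches(naf_name, client_ip):
    """True if the requesting AAA client's IP falls inside the NAF."""
    if naf_name == "All-AAA-Clients":  # default pairing: matches every AAA client
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in naf_networks(naf_name))

def select_acl_content(client_ip, contents=ACL_CONTENTS):
    """Return (name, definitions) of the first content whose NAF covers client_ip.

    First-match ordering is an assumption of this model, not stated on the page.
    """
    for name, naf_name, definitions in contents:
        if naf_matches(naf_name, client_ip):
            return name, definitions
    return None  # no ACL content applies to this AAA client
```

Under the first-match assumption, an "All-AAA-Clients" content listed ahead of NAF-specific contents would shadow them, so in this model it belongs last.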
