Cisco 3.3 User Manual
Page 166
Chapter 5 Shared Profile Components
Downloadable IP ACLs
5-12
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Step 9
To save the ACL content, click Submit.
The Downloadable IP ACLs page appears with the new ACL content listed by
name in the ACL Contents column.
Step 10
To associate a NAF to the ACL content, select a NAF from the Network Access
Filtering box to the right of the new ACL content. For information on adding a
NAF see
Adding a Network Access Filter, page 5-3
.
Note
If you do not assign a NAF, Cisco Secure ACS associates the ACL content
to all network devices, which is the default.
Step 11
Repeat
through
until you have completely specified the new IP
ACL.
Step 12
To set the order of the ACL contents, select the radio button for an ACL definition
and then click Up or Down to reposition it in the list.
Tip
The order of ACL contents is significant. Working from top to bottom,
Cisco Secure ACS downloads only the first ACL definition that has an
applicable NAF setting (including the All-AAA-Clients default setting if
used). Typically your list of ACL contents will proceed from the one with
the most specific (narrowest) NAF to the one with the most general
(All-AAA-Clients) NAF.
Step 13
To save the IP ACL, click Submit.
Cisco Secure ACS enters the new IP ACL, which takes effect immediately. For
example, if the IP ACL is for use with PIX Firewalls, it is available to be sent to
any PIX Firewall that is attempting authentication of a user who has that
downloadable IP ACL assigned to his or her user or group profile. For information
on assigning a downloadable IP ACL to user or a user group, see