Cisco 3.3 User Manual

Chapter 5 Shared Profile Components

Downloadable IP ACLs

5-12

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Step 9

To save the ACL content, click Submit.

The Downloadable IP ACLs page appears with the new ACL content listed by
name in the ACL Contents column.

Step 10

To associate a NAF to the ACL content, select a NAF from the Network Access
Filtering box to the right of the new ACL content. For information on adding a
NAF see Adding a Network Access Filter, page 5-3.

Note

If you do not assign a NAF, Cisco Secure ACS associates the ACL content
to all network devices, which is the default.

Step 11

Repeat Step 3 through Step 10 until you have completely specified the new IP
ACL.

Step 12

To set the order of the ACL contents, select the radio button for an ACL definition
and then click Up or Down to reposition it in the list.

Tip

The order of ACL contents is significant. Working from top to bottom,
Cisco Secure ACS downloads only the first ACL definition that has an
applicable NAF setting (including the All-AAA-Clients default setting if
used). Typically your list of ACL contents will proceed from the one with
the most specific (narrowest) NAF to the one with the most general
(All-AAA-Clients) NAF.

Step 13

To save the IP ACL, click Submit.

Cisco Secure ACS enters the new IP ACL, which takes effect immediately. For
example, if the IP ACL is for use with PIX Firewalls, it is available to be sent to
any PIX Firewall that is attempting authentication of a user who has that
downloadable IP ACL assigned to his or her user or group profile. For information
on assigning a downloadable IP ACL to a user or a user group, see Assigning a
Downloadable IP ACL to a User, page 7-21, or Assigning a Downloadable IP
ACL to a Group, page 6-30.
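
The Tip under Step 12 describes a first-match rule. The following added example (not part of the Cisco guide or of Cisco Secure ACS) models that rule in Python and flags ACL contents that no device can ever receive because of their position in the list. It assumes a NAF can be represented as a set of AAA client names; every device, NAF and ACL content name is constructed.

```python
# Added example: models the top-to-bottom selection rule from the Tip.
# Assumption: a NAF is a set of AAA client names. All names are constructed.
ALL = "All-AAA-Clients"  # default NAF setting: applies to every network device

def select_acl_content(ordered_contents, nafs, device):
    """Return the first ACL content whose NAF applies to the device."""
    for name, naf in ordered_contents:
        if naf == ALL or device in nafs.get(naf, set()):
            return name
    return None  # no ACL content applies to this device

def unreachable_contents(ordered_contents, nafs):
    """Return ACL contents that earlier entries always pre-empt."""
    covered = set()          # devices already matched by earlier named NAFs
    catch_all_seen = False   # True once an All-AAA-Clients entry was passed
    unreachable = []
    for name, naf in ordered_contents:
        if naf == ALL:
            if catch_all_seen:
                unreachable.append(name)
            catch_all_seen = True
            continue
        members = nafs.get(naf, set())
        # Unreachable if a catch-all precedes it, or if every member device
        # is already matched by an earlier NAF (an empty NAF matches nothing).
        if catch_all_seen or members <= covered:
            unreachable.append(name)
        covered |= members
    return unreachable

# Constructed sample data
NAFS = {
    "dmz-pix": {"pix-dmz-01"},
    "branch-pix": {"pix-branch-01", "pix-branch-02"},
}
# Most specific NAF first, All-AAA-Clients last, as the Tip recommends
GOOD_ORDER = [("dmz-rules", "dmz-pix"), ("branch-rules", "branch-pix"),
              ("default-rules", ALL)]
# Misordered: the default entry pre-empts everything below it
BAD_ORDER = [("default-rules", ALL), ("dmz-rules", "dmz-pix"),
             ("branch-rules", "branch-pix")]

if __name__ == "__main__":
    for label, order in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, "-> pix-dmz-01 receives",
              select_acl_content(order, NAFS, "pix-dmz-01"),
              "| unreachable:", unreachable_contents(order, NAFS))
```
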