beautypg.com

Setting network access restrictions for a user – Cisco 3.3 User Manual

Page 257

background image

7-11

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 7 User Management

Basic User Setup Options

Assigned by AAA client pool—Select this option and type the AAA client
IP pool name in the box, if this user is to have the IP address assigned by an
IP address pool configured on the AAA client.

Assigned from AAA pool—Select this option and type the applicable pool
name in the box, if this user is to have the IP address assigned by an IP address
pool configured on the AAA server. Select the AAA server IP pool name from
the Available Pools list, and then click --> (right arrow button) to move the
name into the Selected Pools list. If there is more than one pool in the
Selected Pools list, the users in this group are assigned to the first available
pool in the order listed. To move the position of a pool in the list, select the
pool name and click Up or Down until the pool is in the position you want.

Step 3

Do one of the following:

If you are finished configuring the user account options, click Submit to
record the options.

To continue to specify the user account options, perform other procedures in
this chapter, as applicable.

Setting Network Access Restrictions for a User

The Network Access Restrictions table in the Advanced Settings area of User
Setup enables you to set NARs in three distinct ways:

Apply existing shared NARs by name.

Define IP-based access restrictions to permit or deny user access to a
specified AAA client or to specified ports on a AAA client when an IP
connection has been established.

Define CLI/DNIS-based access restrictions to permit or deny user access
based on the CLI/DNIS used.

Note

You can also use the CLI/DNIS-based access restrictions area to
specify other values. For more information, see

About Network

Access Restrictions, page 5-15

.