beautypg.com

Cisco 3.3 User Manual

Page 261

background image

7-15

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 7 User Management

Basic User Setup Options

c.

Complete the following boxes:

Note

You must make an entry in each box. You can use the wildcard
asterisk (*) for all or part of a value. The format you use must match
the format of the string you receive from your AAA client. You can
determine this format from your RADIUS Accounting Log.

AAA Client—Select All AAA Clients, or the name of the NDG, or the
name of the individual AAA client, to which to permit or deny access.

PORT—Type the number of the port to which to permit or deny access.
You can use the wildcard asterisk (*) to permit or deny access to all ports.

CLI—Type the CLI number to which to permit or deny access. You can
use the wildcard asterisk (*) to permit or deny access based on part of the
number.

Tip

This is also the selection to use if you want to restrict access based on
other values such as a Cisco Aironet client MAC address. For more
information, see

About Network Access Restrictions, page 5-15

.

DNIS—Type the DNIS number to which to permit or deny access. Use
this to restrict access based on the number into which the user will be
dialing. You can use the wildcard asterisk (*) to permit or deny access
based on part of the number.

Tip

This is also the selection to use if you want to restrict access based on
other values such as a Cisco Aironet AP MAC address. For more
information, see

About Network Access Restrictions, page 5-15

.

Note

The total number of characters in the AAA Client list and the Port,
CLI, and DNIS boxes must not exceed 1024. Although Cisco Secure
ACS accepts more than 1024 characters when you add a NAR, you
cannot edit the NAR and Cisco Secure ACS cannot accurately apply
it to users.