About rules, rule elements, and attributes, Nac attribute data types – Cisco 3.3 User Manual
Page 591
14-19
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 14 Network Admission Control
NAC Policies
About Rules, Rule Elements, and Attributes
A rule is a set of one or more rule elements. A rule element is a logical statement
consisting of the following three items:
•
A posture validation attribute
•
An operator
•
A value
Cisco Secure ACS uses the operator to compare the contents of an attribute to the
value. Each rule element of a rule must be true for the whole rule to be true. In
other words, all rule elements of a rule are “anded” together.
This section contains the following topics:
•
NAC Attribute Data Types, page 14-19
•
NAC Attribute Data Types
Posture validation attributes can be one of the following data types:
•
boolean—The attribute can contain a value of either 1 or 0 (zero). In the
HTML interface, when you define a rule element with a boolean attribute,
valid input are the words
false
and
true
. Valid operators are = (equal to) and
!= (not equal to). When a rule element using a boolean attribute is evaluated,
false
corresponds to a value of 0 (zero) and
true
corresponds to 1.
For example, if a rule element for a boolean attribute requires that the
attribute is not equal to
false
and the attribute in a specific posture validation
request was 1, Cisco Secure ACS would evaluate the rule element to be true;
however, to avoid confusion, you can express the rule element more clearly
by requiring that the attribute is equal to
true
.
•
string—The attribute can contain a string. Valid operators are = (equal to), !=
(not equal to), contains, starts-with, and regular-expression.
•
integer—The attribute can contain an integer, including a signed integer.
Valid operators are = (equal to), != (not equal to), > (greater than), < (less
than), <= (less than or equal to), >= (greater than or equal to). Valid input in
rule elements is an integer between -65535 and 65535.