Network Access Filters
Network Access Filters
About Network Access Filters
User Guide for Cisco Secure ACS for Windows Server
5-2
named shared profile components (downloadable IP ACLs, NAFs, NARs, and
command authorization sets) makes it unnecessary to repeatedly enter long lists
of devices or commands when defining network access parameters.
This section describes NAFs and provides instructions for creating and managing
them.
This section contains the following topics:
About Network Access Filters, page 5-2
•
•
Adding a Network Access Filter, page 5-3
Editing a Network Access Filter, page 5-5
•
Deleting a Network Access Filter, page 5-7
•
A NAF is a named group of any combination of one or more of the following
network elements:
IP addresses
•
AAA clients (network devices)
•
Network device groups (NDGs)
•
Using a NAF to specify a downloadable IP ACL or NAR—based on the AAA
clients by which the user may access the network—saves you the effort of listing
each AAA client explicitly.
NAFs in downloadable IP ACLs—You can associate a NAF with specific
•
ACL contents. A downloadable IP ACL consists of one or more ACL contents
(sets of ACL definitions) that are associated with either a single NAF or, by
default, "All-AAA-Clients". This pairing of ACL content with a NAF permits
Cisco Secure ACS to determine which ACL content is downloaded according
to the IP address of the AAA client making the access request. For more
information on using NAFs in downloadable IP ACLs, see
Downloadable IP ACLs, page
Chapter 5
5-8.
Shared Profile Components
About
78-16592-01