Cisco 3.3 User Manual page 166

Downloadable IP ACLs
To save the ACL content, click Submit.
Step 9
The Downloadable IP ACLs page appears with the new ACL content listed by
name in the ACL Contents column.
To associate a NAF to the ACL content, select a NAF from the Network Access
Step 10
Filtering box to the right of the new ACL content. For information on adding a
NAF see
Note
Repeat
Step 11
ACL.
To set the order of the ACL contents, select the radio button for an ACL definition
Step 12
and then click Up or Down to reposition it in the list.
Tip
To save the IP ACL, click Submit.
Step 13
Cisco Secure ACS enters the new IP ACL, which takes effect immediately. For
example, if the IP ACL is for use with PIX Firewalls, it is available to be sent to
any PIX Firewall that is attempting authentication of a user who has that
downloadable IP ACL assigned to his or her user or group profile. For information
on assigning a downloadable IP ACL to user or a user group, see
Downloadable IP ACL to a User, page
ACL to a Group, page
User Guide for Cisco Secure ACS for Windows Server
5-12
Adding a Network Access Filter, page
If you do not assign a NAF, Cisco Secure ACS associates the ACL content
to all network devices, which is the default.
Step 3 through Step 10
The order of ACL contents is significant. Working from top to bottom,
Cisco Secure ACS downloads only the first ACL definition that has an
applicable NAF setting (including the All-AAA-Clients default setting if
used). Typically your list of ACL contents will proceed from the one with
the most specific (narrowest) NAF to the one with the most general
(All-AAA-Clients) NAF.
6-30.
Chapter 5
5-3.
until you have completely specified the new IP
7-21, or Assigning a Downloadable IP
Shared Profile Components
Assigning a
78-16592-01