Chapter 14
Network Admission Control
About Rules, Rule Elements, and Attributes
NAC Attribute Data Types
78-16592-01
A rule is a set of one or more rule elements. A rule element is a logical statement
consisting of the following three items:
• A posture validation attribute
• An operator
• A value
Cisco Secure ACS uses the operator to compare the contents of an attribute to the
value. Each rule element of a rule must be true for the whole rule to be true. In
other words, all rule elements of a rule are "anded" together.
This section contains the following topics:
• NAC Attribute Data Types, page 14-19
• Rule Operators, page 14-20
Posture validation attributes can be one of the following data types:
• boolean—The attribute can contain a value of either 1 or 0 (zero). In the
  HTML interface, when you define a rule element with a boolean attribute,
  valid inputs are the words false and true. Valid operators are = (equal to)
  and != (not equal to). When a rule element using a boolean attribute is
  evaluated, false corresponds to a value of 0 (zero) and true corresponds
  to 1.
  For example, if a rule element for a boolean attribute requires that the
  attribute is not equal to false and the attribute in a specific posture
  validation request was 1, Cisco Secure ACS would evaluate the rule element
  to be true; however, to avoid confusion, you can express the rule element
  more clearly by requiring that the attribute is equal to true.
• string—The attribute can contain a string. Valid operators are = (equal to),
  != (not equal to), contains, starts-with, and regular-expression.
• integer—The attribute can contain an integer, including a signed integer.
  Valid operators are = (equal to), != (not equal to), > (greater than),
  < (less than), <= (less than or equal to), >= (greater than or equal to).
  Valid input in rule elements is an integer between -65535 and 65535.
User Guide for Cisco Secure ACS for Windows Server
NAC Policies
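The following Python example is added here for illustration and is not Cisco Secure ACS code. It evaluates a rule the way this section describes: each rule element is checked against the operators valid for its data type, the words false and true map to 0 and 1, and all elements are ANDed. The attribute names and sample values are hypothetical, and the regular-expression matching and the handling of a missing attribute are assumptions.

```python
import re

# Operators the page lists as valid for each data type.
VALID_OPS = {
    "boolean": {"=", "!="},
    "string": {"=", "!=", "contains", "starts-with", "regular-expression"},
    "integer": {"=", "!=", ">", "<", "<=", ">="},
}
COMPARE = {
    "=": lambda got, want: got == want,
    "!=": lambda got, want: got != want,
    ">": lambda got, want: got > want,
    "<": lambda got, want: got < want,
    "<=": lambda got, want: got <= want,
    ">=": lambda got, want: got >= want,
    "contains": lambda got, want: want in got,
    "starts-with": lambda got, want: got.startswith(want),
    # Assumption: unanchored match; the page does not define regex semantics.
    "regular-expression": lambda got, want: re.search(want, got) is not None,
}

def parse_value(dtype, text):
    if dtype == "boolean":
        if text not in ("false", "true"):
            raise ValueError("boolean input must be the word false or true")
        return 1 if text == "true" else 0  # false -> 0, true -> 1
    if dtype == "integer":
        if not -65535 <= int(text) <= 65535:
            raise ValueError("integer input must be between -65535 and 65535")
        return int(text)
    return text

def element_is_true(element, posture):
    attribute, dtype, op, text = element
    if op not in VALID_OPS[dtype]:
        raise ValueError(f"operator {op!r} is not valid for type {dtype}")
    want = parse_value(dtype, text)
    # Assumption: an attribute absent from the request makes the element false.
    return attribute in posture and COMPARE[op](posture[attribute], want)

def rule_is_true(rule, posture):
    """All rule elements are ANDed: one false element makes the rule false."""
    return all(element_is_true(e, posture) for e in rule)

# Constructed sample: hypothetical attribute names and values.
POSTURE = {"Agent-Enabled": 1, "OS-Name": "Windows XP", "Agent-Build": 1200}
RULE = [("Agent-Enabled", "boolean", "!=", "false"),
        ("OS-Name", "string", "starts-with", "Windows"),
        ("Agent-Build", "integer", ">=", "1000")]
```

Rejecting an operator that is not valid for the attribute's data type at definition time keeps a mistyped rule element from silently evaluating to false and changing the posture decision.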