Table of Contents
Advertisement
NAC Policies
Local Policy Configuration Options
User Guide for Cisco Secure ACS for Windows Server
14-22
$ (dollar)—The $ operator matches the end of a string. For example,
–
would match the string
days-since-last-update—The rule element is true if the attribute contains a
•
date and if the difference in days between that date and the current date is less
than or equal to the number that you specify. For example, in the following
rule element:
Symantec:AV:DAT-Date days-since-last-update 14
the rule element is true for posture validation requests whose
Symantec:AV:DAT-Date attribute contain a date that is no more than 14 days
in the past.
mask—The rule element is true if the attribute contains an IP address and if
•
that address belongs to the subnet identified by the netmask and IP address
that you specify as the rule element value. The format for the rule element
value is:
mask/IP
For example, using the mask operator with a value of
255.255.255.0/192.168.73.8
address of 192.168.73.0 to 192.168.73.255. Any mask is permissible and
Cisco Secure ACS determines the set of IP addresses matching the value
specified using standard subnet masking logic.
On the Local Policy Configuration page you can specify the rules that make up a
policy, including their order. The options for configuring a local policy are as
follows:
Name—Specifies the name by which you want to identify the policy. When
•
selecting a policy for a NAC database, you select it by name, and the
description is not viewable on the policy selection page; therefore, you should
make the name as useful as possible.
The name can contain up to 32 characters. Leading and trailing spaces
Note
are not allowed. Names cannot contain the following four characters:
[ ] , /
Chapter 14
or the string
Cisco
Tibco
would match an attribute containing an IP
Network Admission Control
co$
.
78-16592-01
Advertisement
Table of Contents
Troubleshooting
