Cisco Cisco Clean Access 3.5
4-25
Cisco Clean Access Server Installation and Administration Guide
OL-7045-01
Chapter 4 Clean Access Server Managed Domain
Local Device and Subnet Filtering
Configure Subnet Access Filter Policies
The Subnets form allows you to specify access rules for an entire subnet. All devices accessing the
network from the subnet are subject to the rule.
network from the subnet are subject to the rule.
To set up subnet-based access controls:
1.
Click the Subnets link in the Filter tab.
2.
In the Subnet address/netmask fields, enter the address of the subnet and the netmask identifying
the significant bits of the subnet address.
the significant bits of the subnet address.
Figure 4-14
Local Subnet Filter
3.
Optionally, type a description of the policy or device in the Description field.
4.
Choose the network access policy for the device from the Access Type choices:
–
allow – Enables the device to access the network without authentication.
–
deny – Prevents the device from accessing the network. If applicable, the user is blocked and
an HTML page appears notifying the user that access is denied.
an HTML page appears notifying the user that access is denied.
–
use role – Applies a role to users with the specified device. If you select this option, also select
the role to be applied. The user will not need to be authenticated.
the role to be applied. The user will not need to be authenticated.
5.
Click Add to save the policy.
The policy, which takes effect immediately, appears in the filter policy list. From there you can remove
a subnet policy using the delete (
a subnet policy using the delete (
) button or edit it by clicking the edit button (
). Note that the subnet
address is not an editable property of the filter policy. To modify an address, you need to create a new
filter policy and delete the existing one.
filter policy and delete the existing one.
You can sort the filter list by column by clicking the heading label (e.g. Subnet, Description).