Cisco Cisco Clean Access 3.5

In the Subnet Address/Netmask fields, enter the subnet address and subnet mask in CIDR format.

Optionally, type a Description of the policy or device. 

Choose the network Access Type for the subnet: 

allow – Enables devices on the subnet to access the network without authentication. 

deny – Blocks devices on the subnet from accessing the network. 

use role – Allows access without authentication and applies a role to users accessing the 
network from the specified subnet. If you select this option, also select the role to apply to these 
devices. See 

 for details on user roles. 

Click Add to save the policy. 

The policy takes effect immediately and appears at the top of the filter policy list.

If bandwidth management is enabled, devices allowed without specifying a role will use the bandwidth 
of the Unauthenticated Role. See 

 for details.

After a subnet filter is added, you can remove it using the Delete (

) button or edit it by clicking the 

Edit button (

). Note that the subnet address is not an editable property of the filter policy. To modify 

a subnet address, you need to create a new filter policy and delete the existing one. 

The Clean Access Server column in the list of policies shows the scope of the policy. If the policy was 
configured as a local setting in a Clean Access Server, this field identifies the CAS by IP address. If the 
policy was configured globally in the Clean Access Manager, the field displays GLOBAL.

The filter list can be sorted by column by clicking on the column heading label (Subnet, Clean Access 
Server, Description, Access Type).