Cisco Cisco NAC Appliance 4.1.0
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 3 Device Management: Adding Clean Access Servers, Adding Filters
Global Device and Subnet Filtering
Display / Search Device Filter Policies
•
Priorities can be defined for ranges (via the Order page)
•
A single MAC address device filter (e.g. 00:14:6A:6B:6C:6D) always takes precedence on the filter
List over a wildcard/range device filter (e.g. 00:14:6A:6B:*, or 00:14:6A:*).
List over a wildcard/range device filter (e.g. 00:14:6A:6B:*, or 00:14:6A:*).
•
New wildcard/range device filters are always put at the end of the List page. To change the priority,
go to the Order page.
go to the Order page.
•
The role assignment for a single MAC address device filter always takes precedence over other
filters. You can check the role assignment to be used for a MAC address using the Test page.
filters. You can check the role assignment to be used for a MAC address using the Test page.
•
The Test page shows which filter will take effect for the MAC address entered.
1.
You can narrow the number of devices displayed in the filter list (under Device Management >
Filters > Devices > List) using the following search criteria:
Filters > Devices > List) using the following search criteria:
Clean Access Server: Any CAS, GLOBAL, or <CAS IP address>
Access: Any Access, allow, deny, use role
MAC Address
IP Address
Description
For MAC Address, IP Address and Description searches, you can select equals (exact match), starts
with, ends with, or contains operators for text entered in the search text field.
with, ends with, or contains operators for text entered in the search text field.
2.
Click the View button after entering the search criteria to display the desired search.
Figure 3-5
Device Filters List
3.
Clicking Reset View resets the list to display all entries (default). Use the First, Previous, Next,
and Last links to navigate the pages. A maximum of 25 entries are shown per page.
and Last links to navigate the pages. A maximum of 25 entries are shown per page.
The Clean Access Server column in the list shows the scope of the policy. If the policy was configured
locally in the CAS management pages, this field displays the IP address of the originating Clean Access
Server. If the policy was configured globally for all Clean Access Servers in the Device Management >
Filters module of the admin console, the field displays GLOBAL.
locally in the CAS management pages, this field displays the IP address of the originating Clean Access
Server. If the policy was configured globally for all Clean Access Servers in the Device Management >
Filters module of the admin console, the field displays GLOBAL.
The filter list can be sorted by column by clicking on the column heading label (MAC Address, IP
Address, Clean Access Server, Description, Access Type).
Address, Clean Access Server, Description, Access Type).
filtered
devices
indicator
devices
indicator