Cisco Systems Servers Manuale Utente

To save the group settings you have just made, click Submit.

For more information, see the 

.

To continue specifying other group settings, perform other procedures in this 
chapter, as applicable.

The Network Access Restrictions table in the Advanced Settings area of Group 
Setup enables you to apply network access restrictions (NARs) in three distinct 
ways: 

Apply existing shared NARs by name

Define IP-based group access restrictions to permit or deny access to a 
specified AAA client or to specified ports on a AAA client when an IP 
connection has been established

Define CLI/DNIS-based group NARs to permit or deny access to either, or 
both, the calling line ID (CLI) number or the Dialed Number Identification 
Service (DNIS) number used

You can also use the CLI/DNIS-based access restrictions area to 
specify other values. For more information, see the 

Typically, you define (shared) NARs from within the Shared Components section 
so that these restrictions can be applied to more than one group or user. For more 
information, see the 

. You must have enabled the Group-Level Shared Network Access 

Restriction check box on the Advanced Options page of the Interface 
Configuration section for this set of options to appear in the Cisco Secure ACS 
HTML interface.

However, Cisco Secure ACS also enables you to define and apply a NAR for a 
single group from within the Group Setup section. You must have enabled the 
Group-Level Network Access Restriction setting under the Advanced Options