Cisco Systems Servers Manuale Utente
6-7
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 6 Setting Up and Managing User Groups
Common User Group Settings
Step 4
To save the group settings you have just made, click Submit.
For more information, see the
.
Step 5
To continue specifying other group settings, perform other procedures in this
chapter, as applicable.
chapter, as applicable.
Setting Network Access Restrictions for a User Group
The Network Access Restrictions table in the Advanced Settings area of Group
Setup enables you to apply network access restrictions (NARs) in three distinct
ways:
Setup enables you to apply network access restrictions (NARs) in three distinct
ways:
•
Apply existing shared NARs by name
•
Define IP-based group access restrictions to permit or deny access to a
specified AAA client or to specified ports on a AAA client when an IP
connection has been established
specified AAA client or to specified ports on a AAA client when an IP
connection has been established
•
Define CLI/DNIS-based group NARs to permit or deny access to either, or
both, the calling line ID (CLI) number or the Dialed Number Identification
Service (DNIS) number used
both, the calling line ID (CLI) number or the Dialed Number Identification
Service (DNIS) number used
Note
You can also use the CLI/DNIS-based access restrictions area to
specify other values. For more information, see the
specify other values. For more information, see the
Typically, you define (shared) NARs from within the Shared Components section
so that these restrictions can be applied to more than one group or user. For more
information, see the
so that these restrictions can be applied to more than one group or user. For more
information, see the
. You must have enabled the Group-Level Shared Network Access
Restriction check box on the Advanced Options page of the Interface
Configuration section for this set of options to appear in the Cisco Secure ACS
HTML interface.
Configuration section for this set of options to appear in the Cisco Secure ACS
HTML interface.
However, Cisco Secure ACS also enables you to define and apply a NAR for a
single group from within the Group Setup section. You must have enabled the
Group-Level Network Access Restriction setting under the Advanced Options
single group from within the Group Setup section. You must have enabled the
Group-Level Network Access Restriction setting under the Advanced Options