6-7
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 6 Setting Up and Managing User Groups
Common User Group Settings
Step 4
To save the group settings you have just made, click Submit.
For more information, see
Saving Changes to User Group Settings, page 6-53
.
Step 5
To continue specifying other group settings, perform other procedures in this
chapter, as applicable.
Setting Network Access Restrictions for a User Group
The Network Access Restrictions table in Group Setup enables you to apply
network access restrictions (NARs) in three distinct ways:
•
Apply existing shared NARs by name.
•
Define IP-based group access restrictions to permit or deny access to a
specified AAA client or to specified ports on a AAA client when an IP
connection has been established.
•
Define CLI/DNIS-based group NARs to permit or deny access to either, or
both, the calling line ID (CLI) number or the Dialed Number Identification
Service (DNIS) number used.
Note
You can also use the CLI/DNIS-based access restrictions area to
specify other values. For more information, see
About Network
Access Restrictions, page 5-6
.
Typically, you define (shared) NARs from within the Shared Components section
so that these restrictions can be applied to more than one group or user. For more
information, see
Shared Network Access Restrictions Configuration, page 5-8
.
You must have enabled the Group-Level Shared Network Access Restriction
check box on the Advanced Options page of the Interface Configuration section
for these options to appear in the Cisco Secure ACS HTML interface.
However, Cisco Secure ACS also enables you to define and apply a NAR for a
single group from within the Group Setup section. You must have enabled the
Group-Level Network Access Restriction setting under the Advanced Options
page of the Interface Configuration section for single group IP-based filter options
and single group CLI/DNIS-based filter options to appear in the
Cisco Secure ACS HTML interface.