9-13
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter9 Managing Policy E lements
Managing Policy Conditions
Note To configure a filter, at a minimum, you must enter filter criteria in at least one of the three tabs.
Step5 Click Submit to save the changes.
Related Topics
Managing Network Conditions, page 9-6
Importing Network Conditions, page 9-8
Creating, Duplicating, and Editing End Station Filters, page 9-9
Creating, Duplicating, and Editing Device Port Filters, page 9-15
Defining IP Address-Based Device Filters
You can create, duplicate, and edit the IP addresses of network devices that you want to permit or deny
access to. To do this:
Step1 From the IP Address tab, do one of the following:
Click Create.
Check the check box next to the IP-based device filter that you want to duplicate, then click
Duplicate.
Check the check box next to the IP-based device filter that you want to edit, then click Edit.
A dialog box appears.
Step2 Choose either of the following:
Single IP Address—If you choose this option, you must enter a valid addre ss, as follows:
IPv4 address in the format x.x.x.x, where x can be any number from 0 to 255.
IPv6 address in the format x:x:x:x:x:x:x:x, where x represents one to four hexadecimal digits o f
the eight 16-bit pieces of the address. This can be either numbers from 0 to 9 or letters from A
to F.
IP Range(s)—If you choose this option, you must enter a valid IPv4 or IPv6 address and subnet mask
to filter a range of IP addresses. By default, the subnet mask value for IPv4 is 32, and the IPv6 value
is 128.
Note IPv6 ranges are not supported in ACS 5.4.
Step3 Click OK.
Related Topics
Managing Network Conditions, page 9-6
Creating, Duplicating, and Editing Device Filters, page 9-12
Defining Name-Based Device Filters, page 9-14
Defining NDG-Based Device Filters, page9-14