Cisco Systems CSACS3415K9

9-16

User Guide for Cisco Secure Access Control System 5.4

OL-26225-01

Chapter9 Managing Policy Eleme nts

Managing Policy Conditions

•Check the check box next to the IP-based device port filter that you want to duplicate, then click

Duplicate.

•Check the check box next to the IP-based device port filter that you want to edit, then click Edit.

A dialog box appears.

Step2 Choose either of the following:

•Single IP Address—If you choose this option, you must enter a valid addre ss, as follows:

–

IPv4 address in the format x.x.x.x, where x can be any number from 0 to 255.

–

IPv6 address in the format x:x:x:x:x:x:x:x, where x represents one to four hexadecimal digits o f

the eight 16-bit pieces of the address. This can be either numbers from 0 to 9 or letters from A

to F.

•IP Range(s)—If you choose this option, you must enter a valid IPv4 or IPv6 address and subnet mask

to filter a range of IP addresses. By default, the subnet mask value for IPv4 is 32, and the IPv6 value

is 128.

Note IPv6 ranges are not supported in ACS 5.4.

Step3 Check the Port check box and enter the port number. This field is of type string and can contain numbers

or characters. You can use the following wildcard characters:

•?—match a single character

•*—match a set of characters

For example, the string “p*1*” would match any word that starts with the letter “p” and contains the

number 1, such as port1, port15, and so on.

Step4 Click OK.