Chapter 9 Managing Policy Elements

Managing Policy Conditions

Check the check box next to the device port filter that you want to edit, then click Edit.

Click Export to save a list of device port filters in a .csv file. For more information, see Exporting Network Conditions, page 9-9.

Click Replace from File to perform a bulk import of device port filters from a .csv import file. For more information, see Importing Network Conditions, page 9-8.

Step 3 Enter the values for the following fields:

Name—Name of the device port filter.

Description—A description of the device port filter.

Step 4 Edit the fields in any or all of the following tabs:

IP Address—SeeDefining IP Address-Based Device Port Filters, page 9-15for a description of the fields in this tab.

Device Name—SeeDefining NDG-Based Device Port Filters, page 9-17for a description of the fields in this tab.

Network Device Group—SeeDefining NDG-Based Device Port Filters, page 9-17for a description of the fields in this tab.

Note To configure a filter, at a minimum, you must enter filter criteria in at least one of the three tabs.

Step 5 Click Submit to save the changes.

Related Topics

Managing Network Conditions, page 9-6

Importing Network Conditions, page 9-8

Creating, Duplicating, and Editing End Station Filters, page 9-9

Creating, Duplicating, and Editing Device Filters, page 9-12

Defining IP Address-Based Device Port Filters

You can create, duplicate, and edit the IP addresses of the network device ports that you want to permit or deny access to. To do this:

Step 1 From the IP Address tab, do one of the following:

Click Create.

Check the check box next to the IP-based device port filter that you want to duplicate, then click Duplicate.

Check the check box next to the IP-based device port filter that you want to edit, then click Edit. A dialog box appears.

Step 2 Choose either of the following:

Single IP Address—If you choose this option, you must enter a valid IPv4 address of the format x.x.x.x, where x can be any number from 0 to 255.

IP Range(s)—If you choose this option, you must enter a valid IPv4 address and subnet mask to filter a range of IP addresses. By default, the subnet mask value is 32.

 

 

User Guide for Cisco Secure Access Control System 5.3

 

 

 

 

 

 

OL-24201-01

 

 

9-15

 

 

 

 

 

Page 245
Image 245
Cisco Systems OL-24201-01 manual Defining IP Address-Based Device Port Filters