Chapter 7
Setting Up and Managing User Accounts
d.
To permit or deny this user access based on calling location or values other than
Step 4
an established IP address, follow these steps:
a.
b.
c.
Tip
78-14696-01, Version 3.1
Click enter.
Result: The specified AAA client, port, and address information appears in
the table above the AAA Client list.
Select the Define CLI/DNIS based access restrictions check box.
To specify whether the subsequent listing specifies permitted or denied
values, from the Table Defines list, select one of the following:
Permitted Calling/Point of Access Locations
•
•
Denied Calling/Point of Access Locations
Complete the following boxes:
You must make an entry in each box. You can use the wildcard
Note
asterisk (*) for all or part of a value. The format you use must match
the format of the string you receive from your AAA client. You can
determine this format from your RADIUS Accounting Log.
•
AAA Client—Select All AAA Clients, or the name of the NDG, or the
name of the individual AAA client, to which to permit or deny access.
•
PORT—Type the number of the port to which to permit or deny access.
You can use the wildcard asterisk (*) to permit or deny access to all ports.
•
CLI—Type the CLI number to which to permit or deny access. You can
use the wildcard asterisk (*) to permit or deny access based on part of the
number.
This is also the selection to use if you want to restrict access based on
other values such as a Cisco Aironet client MAC address. For more
information, see
About Network Access Restrictions, page
DNIS—Type the DNIS number to which to permit or deny access. Use
•
this to restrict access based on the number into which the user will be
dialing. You can use the wildcard asterisk (*) to permit or deny access
based on part of the number.
User Guide for Cisco Secure ACS for Windows Server
Basic User Setup Options
5-6.
7-15