Cisco 3.3 User Manual
Page 201
6-11
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 6 User Group Management
Basic User Group Settings
Step 5
To permit or deny access to this user group based on calling location or values
other than an established IP address, follow these steps:
a.
Select the Define CLI/DNIS-based access restrictions check box.
b.
To specify whether the subsequent listing specifies permitted or denied
values, from the Table Defines list, select one of the following:
•
Permitted Calling/Point of Access Locations
•
Denied Calling/Point of Access Locations
c.
From the AAA Client list, select either All AAA Clients or the name of the
NDG or the name of the particular AAA client to which to permit or deny
access.
d.
Complete the following boxes:
Note
You must type an entry in each box. You can use the wildcard asterisk
(*) for all or part of a value. The format you use must match the
format of the string you receive from your AAA client. You can
determine this format from your RADIUS Accounting Log.
•
PORT—Type the number of the port to which to permit or deny access.
You can use the wildcard asterisk (*) to permit or deny access to all ports.
•
CLI—Type the CLI number to which to permit or deny access. You can
use the wildcard asterisk (*) to permit or deny access based on part of the
number or all numbers.
Tip
This is also the selection to use if you want to restrict access based on
other values, such as a Cisco Aironet client MAC address. For more
information, see
About Network Access Restrictions, page 5-15
•
DNIS—Type the DNIS number to restrict access based on the number
into which the user will be dialing. You can use the wildcard asterisk (*)
to permit or deny access based on part of the number or all numbers.
Tip
This is also the selection to use if you want to restrict access based on
other values, such as a Cisco Aironet AP MAC address. For more
information, see