14-19
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 14 Network Admission Control
NAC Policies
About Rules, Rule Elements, and Attributes
A rule is a set of one or more rule elements. A rule element is a logical statement
consisting of the following three items:
• A posture validation attribute
• An operator
• A value
Cisco Secure ACS uses the operator to compare the contents of an attribute to the
value. Each rule element of a rule must be true for the whole rule to be true. In
other words, all rule elements of a rule are “anded” together.
This section contains the following topics:
• NAC Attribute Data Types, page 14-19
• Rule Operators, page 14-20
NAC Attribute Data Types
Posture validation attributes can be one of the following data types:
• boolean—The attribute can contain a value of either 1 or 0 (zero). In the
HTML interface, when you define a rule element with a boolean attribute,
valid input are the words
false and true. Valid operators are = (equal to) and
!= (not equal to). When a rule element using a boolean attribute is evaluated,
false corresponds to a value of 0 (zero) and true corresponds to 1.
For example, if a rule element for a boolean attribute requires that the
attribute is not equal to
false and the attribute in a specific posture validation
request was 1, Cisco Secure ACS would evaluate the rule element to be true;
however, to avoid confusion, you can express the rule element more clearly
by requiring that the attribute is equal to
true.
• string—The attribute can contain a string. Valid operators are = (equal to), !=
(not equal to), contains, starts-with, and regular-expression.
• integer—The attribute can contain an integer, including a signed integer.
Valid operators are = (equal to), != (not equal to), > (greater than), < (less
than), <= (less than or equal to), >= (greater than or equal to). Valid input in
rule elements is an integer between -65535 and 65535.
To Next Page
Loading...
Need help?
General