Specifications
2-28
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 2 Device Management: Adding Clean Access Servers, Adding Filters
Global Device and Subnet Filtering
Figure 2-12 Subnet Filters
Step 2 In the Subnet Address/Netmask fields, enter the subnet address and subnet mask in CIDR format.
Step 3 Optionally, type a Description of the policy or device.
Step 4 Choose the network Access Type for the subnet:
• allow – Enables devices on the subnet to access the network without authentication.
• deny – Blocks devices on the subnet from accessing the network.
• use role – Allows access without authentication and applies a role to users accessing the network
from the specified subnet. If you select this option, also select the role to apply to these devices. See
Chapter 6, “User Management: Configuring User Roles and Local Users” for details on user roles.
Step 5 Click Add to save the policy.
The policy takes effect immediately and appears at the top of the filter policy list.
Note If bandwidth management is enabled, devices allowed without specifying a role will use the bandwidth
of the Unauthenticated Role. See Control Bandwidth Usage, page 8-13 for details.
After a subnet filter is added, you can remove it using the Delete icon or edit it by clicking the Edit icon.
Note that the subnet address is not an editable property of the filter policy. To modify a subnet address,
you need to create a new filter policy and delete the existing one.
The Clean Access Server column in the list of policies shows the scope of the policy. If the policy was
configured as a local setting in a Clean Access Server, this field identifies the CAS by IP address. If the
policy was configured globally in the Clean Access Manager, the field displays GLOBAL.