User Guide
202 Chapter 5 Configuring groups and profiles
320818-A
The Client Filter menu includes the following options:
/cfg/domain 1/aaa/filter <filter ID>
followed by:
name <name>
Names or renames the filter. After you have defined a
name for the filter, you can use either the filter name or
the filter ID to access the Client Filter menu.
•
name is a string that must be unique in the domain.
The maximum length of the string is 255
characters.
You reference the client filter name when configuring
the extended profile.
tg true|false|ignore
Specifies whether passing or failing the TunnelGuard
host integrity check triggers the filter.
•
true — the client filter triggers when the
TunnelGuard check succeeds.
•
false — the client filter triggers when the
TunnelGuard check fails.
• ignore — passing or failing the TunnelGuard
check will not trigger the client filter.
The default is
ignore.
For example, in order to grant limited access rights to
users who fail the TunnelGuard check, set the
tg value
to
false, create an extended profile that references
this client filter, and then map the extended profile to a
restrictive VLAN.
For information about configuring the TunnelGuard
checks, see “Configuring the TunnelGuard check using
the CLI” on page 132.
comment <comment>
Creates a comment about the client filter.
del
Removes the client filter from the current configuration.