When you add a client to a client access list, the syntax you use determines the type of client you are adding. Specifically:
Computer name -- A DNS name or IP address.
Network -- The network or subnet is preceded by an at-sign (@). It can be either a name or a dotted IP address. For example: bignet or @123.144.
Netgroup -- A valid DNS name. For example: net1@big.company.
DNS suffix -- A DNS suffix is distinguished from host names and netgroups by a prefixed dot. For example: .domain.comp.com. A single dot can be used to match a host name with no suffix. For example: . matches domain but not domain.comp.com.
A prefixed minus sign (-) denies access to an item in the access list. The list is searched sequentially until a match is found that either grants or denies access, or until the end of the list is reached.
See the Authentication topic in the Help Topics window for more information about access list syntax.