https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139788#M132743 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Can you try to use the argument "Matches" and if it is not present you can add this into an authorization condition (Policy Elements &gt; Conditions &gt; Authorization). Create the condition there and then call the condition in the authorization policy.</P><P></P><P>Thanks,</P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Tue, 16 Apr 2013 16:07:22 GMT Tarik Admani 2013-04-16T16:07:22Z https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139785#M132740 <P>I'm trying to add a condition rule into an uthorization policy by using the 'NAS IP Address' with a IP address that has a wildcard in it, ie, 192.168.0.* but it doesn't seem to like that.&nbsp; Does anyone know how I can use a wildcard in this field?&nbsp; I only have option of 'Equals' 'Not Equals' so there is no 'Starts with'</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 03:18:44 GMT https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139785#M132740 Zachary McGibbon 2019-03-11T03:18:44Z https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139786#M132741 <HTML><HEAD></HEAD><BODY><P>What version of code are you on, you should be able to regex in combination with the "matches" argument. Here is a sample of the regex commands you can use with ISE.</P><P></P><P></P><P>Example 3: Matches—You select the CERTIFICATE dictionary, and you select the Organization value, which displays CERTIFICATE:Organization in the Expression field. You select the Matches operator in the second field (pull-down list). In the third field (text box), you enter a REGEX value to match Organization value. The following are some common options for "Matches:</P><P>–`Starts with'—for example, using the REGEX value of ^(Acme).*—this condition is configured as CERTIFICATE:Organization MATCHES `Acme' (any match with a condition that starts with "Acme").</P><P>–`Ends with'—for example, using the REGEX value of .*(mktg)$—this condition is configured as CERTIFICATE:Organization MATCHES `mktg' (any match with a condition that ends with "mktg").</P><P>–`Contains'—for example, using the REGEX value of .*(1234).*—this condition is configured as CERTIFICATE:Organization MATCHES `1234' (any match with a condition that contains "1234", such as Eng1234, 1234Dev, and Corp1234Mktg).</P><P>–`Does not start with'—for example, using the REGEX value of ^(?!LDAP).*—this condition is configured as CERTIFICATE:Organization MATCHES `LDAP' (any match with a condition that does not start with "LDAP", such as usLDAP or CorpLDAPmktg).</P><P></P><P>Thanks,</P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Mon, 15 Apr 2013 21:43:25 GMT https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139786#M132741 Tarik Admani 2013-04-15T21:43:25Z https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139787#M132742 <HTML><HEAD></HEAD><BODY><P> Tarik, I tried to put this condition in with regex and it failed, my condition:</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/1/6/8/135861-condition.png" class="jive-image" /></P><P></P><P>And I get this:</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/2/6/8/135862-condition.png" class="jive-image" /></P><P></P><P>So it doesn't look like it likes it...&nbsp; I'm running:</P><P></P><P>ise-01/admin# sh application version ise</P><P></P><P>Cisco Identity Services Engine</P><P>---------------------------------------------</P><P>Version&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 1.1.3.124</P><P>Build Date&nbsp;&nbsp; : Thu Feb&nbsp; 7 06:55:38 2013</P><P>Install Date : Fri Apr 12 14:17:44 2013</P><P></P><P>Cisco Identity Services Engine Patch</P><P>---------------------------------------------</P><P>Version&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 1</P><P>Install Date : Fri Apr 12 14:23:17 2013</P></BODY></HTML> Tue, 16 Apr 2013 15:59:53 GMT https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139787#M132742 Zachary McGibbon 2013-04-16T15:59:53Z https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139788#M132743 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Can you try to use the argument "Matches" and if it is not present you can add this into an authorization condition (Policy Elements &gt; Conditions &gt; Authorization). Create the condition there and then call the condition in the authorization policy.</P><P></P><P>Thanks,</P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Tue, 16 Apr 2013 16:07:22 GMT https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139788#M132743 Tarik Admani 2013-04-16T16:07:22Z https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139789#M132744 <HTML><HEAD></HEAD><BODY><P> For NAS-IP I only get EQUALS, NOT EQUALS, no matches <SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/sad.gif"></SPAN></P></BODY></HTML> Tue, 16 Apr 2013 16:10:14 GMT https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139789#M132744 Zachary McGibbon 2013-04-16T16:10:14Z https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139790#M132745 <HTML><HEAD></HEAD><BODY><P>That is fine, you should be able to add this in the authorization condition.</P><P></P><P>Thanks,</P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Tue, 16 Apr 2013 16:11:24 GMT https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139790#M132745 Tarik Admani 2013-04-16T16:11:24Z https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139791#M132746 <HTML><HEAD></HEAD><BODY><P> Same thing </P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/3/6/8/135863-condition.png" class="jive-image" /></P></BODY></HTML> Tue, 16 Apr 2013 16:14:40 GMT https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139791#M132746 Zachary McGibbon 2013-04-16T16:14:40Z https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139792#M132747 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Since you are trying to use the nas-ip-address with a wildcard you may want to consider mapping these network devices to a group and setting the group condition. However, I am curious to see if this is a bug, because I am able to run the matches condition against the Called-Station-ID.</P><P></P><P>Can you please run this by TAC and see if a bug needs to be opened or have a feature enhancement filed for this? I would assume all attributes should be able to use regex statements with the Matches arguement.</P><P></P><P>Thanks</P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Tue, 16 Apr 2013 16:29:43 GMT https://community.cisco.com/t5/network-access-control/ise-condition-nas-ip-address-wildcard/m-p/2139792#M132747 Tarik Admani 2013-04-16T16:29:43Z