IBNS2.0 Cannot nest class-map

rlienard — Fri, 03 Sep 2021 18:17:03 GMT

Hi all,

I'm trying to do the following :

service-template IOT_DEVICES_TEMPLATE
sgt 3
vlan 100
!

class-map type control subscriber match-all AAA_SVR_DOWN_UNAUTHD_IOT_DEVICES
match result-type aaa-timeout
match authorization-status unauthorized
match --->>> I would like to match a list of MAC OUI here but I can't since the "match-all" condition is set and I need it 😞
!
class-map type control subscriber match-any IN_LOCAL_AUTH_MODE
match activated-service-template IOT_DEVICES_TEMPLATE
!
policy-map type control subscriber PMAP_DefaultWiredDot1xClosedAuth_1X_MAB

....
event authentication-failure match-first
6 class AAA_SVR_DOWN_UNAUTHD_IOT_DEVICES do-until-failure
10 activate service-template IOT_DEVICES_TEMPLATE
30 authorize
40 pause reauthentication
event aaa-available match-all
30 class IN_LOCAL_AUTH_MODE do-until-failure
10 clear-session
!

Basically I need to nest a class-map with a match-any condition inside a class-map with a match-all condition..

This seems not be supported so do someone has a good alternative to this ?

I would like to avoid creating one class-map per OUI family🙂

Best regards,

Raphael

topic IBNS2.0 Cannot nest class-map in Network Security

IBNS2.0 Cannot nest class-map