This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I would like to get some information regarding the behavior of the contains operator.
So, here I have two authentication policy, with called-station-ID contains Cisco and another one with called-station-ID contains Cisco1
When a user connects to SSID Cisco, the policy with SSID Cisco1 will not be evaluated and the policy containing Cisco will be evaluated?
My question is here is that since I am using contains operator here, does it match the entire string or it looks for the Cisco in Cisco1 and select that policy?
So, when a user connects to SSID Cisco, which policy will be evaluated? the one with Cisco1 or Cisco?
Contains will match whole string and authorization policy works in order,if called station Id contains Cisco1 is first rule & cisco is second rule.user connects to Cisco ssid will be evaluated with Cisco policy.
So, if I configure the policy as follows:
If a user connects to SSID "Cisco", then also he will be evaluated based on the policy containing "Cisco1"? Right? :/
No,if user connects to Cisco ssid he will be evaluated based on second policy sets as the first policy sets doesn't match the ssid name.
Also in policy sets you are using equals not contains.
The previous ones were created in a hurry just to visualize what I was trying to explain, here is the correct ones;
Now this proves, when the user selects Cisco SSID, he will be evaluated based on policy for Cisco and not from Cisco1, right?
This also shows that, the entire string is matched.
The matches would allow you to specify Regex to do an exact match, but you can also just use the ends with.
Ends with Cisco and Ends with Cisco1 do not overlap.