cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

597
Views
0
Helpful
4
Replies
richard.dean
Beginner

ACS 5.3 - Unable to properly import IP ranges (AAA Clients)

I have multiple AAA Clients that I need to add. The way I manage the clients, I often make changes of moving IPs from one group to another. I require that all clients use "IP Ranges". I try import the following IPs (8.8.8.1;8.8.8.3;8.8.8.9-10;8.8.8.25) I need them all to be ranges, but what happens is after I import it, I then go to that AAA Client, it makes them all "IP Range(s) By Mask" and siplays it like this:

--- IP --------- Mask

8.8.8.1         /32

8.8.8.3         /32

8.8.8.9-10   

8.8.8.25       /32

Now if I need to add another range, I can't as "IP Range(s) By Mask" is selected. If I try to click on "IP Ranges" I get an error that says I can;t switch from IP Mask mode to IP Range mode.

If I click on "Help", that doesn;t help as the example has commas not semi colons, and it will not import. and it has extra commas for no reason.

Some examples of entering IP address ranges are:

A single range—10.77.10.1-10,,,, 192.120.10-12.10

Multiple ranges—10.*.1-20.10, 192.1-23.*.100-150

Exclusions from a range—10.10.1-255.* exclude 10.10.10-200.100-150

Right now I have to create each entry manually and add each IP one at a time, or ranges at a time. After Submitting, I can edit the entry and add another range if I want as it will stay "IP Ranges".

Anyone know of a solution to this?

4 REPLIES 4
Saurav Lodh
Rising star

Please refer to “Network Devices and AAA Clients ” section of the following link , it may help you.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/net_resources.html

jrabinow
Rising star

I was able to do this in ACS 5.4 by using following definiition in import file

8.8.8.1/32;8.8.8.3/32;8.8.8.9-10/32;8.8.8.25/32

Note I don't the option ""IP Range(s) By Mask" in the GUI but do see that IP ranges is enabled after I do this operation

jrabinow,

I have tried that too, still doesn't work. This is what happens.

The red arrow is what I want. I need ranges.

If I try to add a new range at this point I am not allowed to put a dash in the IP field, so no more ranges.

What if you choose the IP Range(s) before importing the file then add one dummy entry. After that try importing the file.

Will that help?

Regards,

Amajd

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube