ACS 5.5 Command Set Regular Expression
05-15-2014 01:05 PM - edited 03-10-2019 09:43 PM
I use command sets quite a bit to permit/deny specific commands for different admin groups. I want to create a new command set to block certain subnets from being used on the network at all. I thought regular expressions would be good here, but I cannot get these to work at all.
As an example, if I deny the command "*" and argument "ip host 172.16.", I cannot create an ACL line to permit ip host 172.16.1.1 or deny ip host 172.16.1.1.
How do I make this work so that no matter what precedes or follows the IP, the command is denied so that I can deny "ip address 172.16.1.1", "ip host 172.1.1", "ip 172.16.1.1", "server 172.16.1.1", etc.?
- Labels: AAA
05-19-2014 11:43 PM
Hey,
The "*" will not work.
You need to first jot down the list of commands that allow an IP address as an argument.
Then use them and add the respective arguments in deny.
Regards
Ed
