Cisco ISE Command sets matching lines with specific word

Arne Vellinga · ‎07-13-2020

Hi, i want to filter out all commands containing "MGMT" on my ASA.

But it doesn't work for me, it looks like my regex argument isn't being activated.

The command portion seems to work if i test with fixed arguments.

I use the following statement:

Grant	Command	Arguments
DENY_ALWAYS	*	.MGMT.

Arne Bier · ‎07-17-2020

Hello

ISE uses different logic when processing the TACACS commands and the arguments.

commands use wildcards: e.g. sh* or sh??

arguments use regex: e.g. ^Interf.*[12345]

ISE: Air Gapped環境におけるSpecific License Reservation(SLR)の有効方法