Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1420
Views
0
Helpful
1
Replies

Cisco ISE Command sets matching lines with specific word

Arne Vellinga
Level 1
Level 1

‎07-13-2020 04:46 AM - edited ‎07-13-2020 04:47 AM

Hi, i want to filter out all commands containing "MGMT" on my ASA.

But it doesn't work for me, it looks like my regex argument isn't being activated.

The command portion seems to work if i test with fixed arguments.

 

I use the following statement:

 

GrantCommandArguments
DENY_ALWAYS*.*MGMT.*

 

0 Helpful
1 Reply 1

Arne Bier
VIP
VIP

‎07-17-2020 03:39 PM

Hello

 

ISE uses different logic when processing the TACACS commands and the arguments. 

https://communities.cisco.com/thread/86989  

commands use wildcards: e.g. sh*    or  sh??

arguments use regex: e.g. ^Interf.*[12345]

0 Helpful
Customers Also Viewed These Support Documents