09-25-2022 11:15 PM
Hello,
I've recently configured a new rule on Cisco ISE that allows local administrators access to our devices. The rule consists of the following conditions:
- Device type equals "Switch"
- User must be a member of AD group
- Device location equals "XYZ"
Instead of applying an ACL on the VTY line, which is not a scalable solution, I would like to ask whether it's possible to add another condition, namely source IP address(es).
Is that possible?
Thank you in advance!
09-26-2022 03:22 AM
Hi,
If I understand it correctly, you want to restrict the sources from where the device can be accessed via ssh/https. If that's so, yes, you can use the 'Tacacs: Remote Address' condition and you can mention the IP address/s of the jump hosts or devices from where the connection will start.