Cisco ISE device admin policy

lnw-team
Level 1

Hello, 

I've recently configured a new rule on Cisco ISE that allows local administrators access to our devices. The rule consists of the following conditions:

- Device type equals "Switch"
- User must be a member of an AD group
- Device location equals "XYZ"

Instead of applying an ACL on the VTY line, which is not a scalable solution, I would like to ask whether it's possible to add another condition, namely source IP address(es).

Is that possible? 

Thank you in advance!

Accepted Solutions

PSM
Level 1

Hi,

If I understand it correctly, you want to restrict the sources from where the device can be accessed via ssh/https. If that's so, yes, you can use the 'Tacacs: Remote Address' condition and you can mention the IP address/es of the jump hosts or devices from where the connection will start.
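
Where a remote-address value comes from in TACACS+, as an added example that is not part of the original thread and is not Cisco's code: under RFC 8907 the network device itself reports the user's source address in the `rem_addr` field of the request, so a source-IP condition is only as good as what the device sends and should fail closed when the field is empty or malformed. The jump-host ranges, the helper names, and the mapping of the ISE condition to `rem_addr` are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed jump-host ranges (documentation address space), not from the thread.
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "198.51.100.0/28")]


def parse_authen_start(body: bytes) -> dict:
    """Parse a de-obfuscated TACACS+ Authentication START body (RFC 8907, 5.1)."""
    if len(body) < 8:
        raise ValueError("body shorter than the 8-byte fixed part")
    _action, priv_lvl, _atype, _svc, ulen, plen, rlen, dlen = struct.unpack("!8B", body[:8])
    if len(body) != 8 + ulen + plen + rlen + dlen:
        raise ValueError("length fields do not match body size")
    user = body[8:8 + ulen]
    port = body[8 + ulen:8 + ulen + plen]
    rem_addr = body[8 + ulen + plen:8 + ulen + plen + rlen]
    return {
        "priv_lvl": priv_lvl,
        "user": user.decode("ascii", "replace"),
        "port": port.decode("ascii", "replace"),
        # Assumption: this is the value a 'Remote Address' condition is matched against.
        "rem_addr": rem_addr.decode("ascii", "replace"),
    }


def source_allowed(rem_addr: str) -> bool:
    """Fail closed: an empty (e.g. console) or unparsable rem_addr never matches."""
    try:
        ip = ipaddress.ip_address(rem_addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_SOURCES)


def build_start(user: bytes, port: bytes, rem_addr: bytes) -> bytes:
    """Build a constructed sample body: action=LOGIN, priv_lvl=1, ASCII, service=LOGIN."""
    fixed = struct.pack("!8B", 1, 1, 1, 1, len(user), len(port), len(rem_addr), 0)
    return fixed + user + port + rem_addr


if __name__ == "__main__":
    for addr in (b"192.0.2.10", b"203.0.113.7", b""):
        fields = parse_authen_start(build_start(b"admin", b"tty2", addr))
        verdict = "permit" if source_allowed(fields["rem_addr"]) else "deny"
        print(repr(fields["rem_addr"]), "->", verdict)
```
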
