Cisco ISE device admin policy

lnw-team
Level 1

Hello, 

I've recently configured a new rule on Cisco ISE that allows local administrators access to our devices. The rule consists of the following conditions:

- Device type equals "Switch"
- User must be a member of AD group
- Device location equals "XYZ"

Instead of applying an ACL on the VTY line, which is not a scalable solution, I would like to ask whether it's possible to add another condition, namely source IP address(es).

Is that possible? 

Thank you in advance!

Accepted Solutions

PradeepSingh
Level 1

Hi,

If I understand it correctly, you want to restrict the sources from which the device can be accessed via ssh/https. If that's so, yes, you can use the 'Tacacs: Remote Address' condition and you can mention the IP address(es) of the jump hosts or devices from which the connection will start.

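An added example, not part of the original posts and not ISE code: a small Python model of the rule from this thread with the source-address condition added, useful for reasoning about which requests should match before building the rule. The AD group name, the jump-host addresses and the `Request` fields are constructed assumptions, and the matching uses Python's `ipaddress` module, which says nothing about which operators ISE offers for 'Tacacs: Remote Address'.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: the thread names neither the AD group nor the jump-host IPs.
ADMIN_GROUP = "EXAMPLE-AD-GROUP"
JUMP_HOSTS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]

@dataclass
class Request:
    """Attributes the rule evaluates (a model, not ISE's own data structures)."""
    device_type: str
    location: str
    ad_groups: frozenset
    remote_address: str  # source address the switch reports for the admin session

def source_allowed(remote_address: str) -> bool:
    """True only if the reported source parses as an IP inside JUMP_HOSTS."""
    try:
        addr = ipaddress.ip_address(remote_address.strip())
    except ValueError:
        return False  # empty or non-IP value: fail closed
    return any(addr in net for net in JUMP_HOSTS)

def failed_conditions(req: Request) -> list:
    """Names of the conditions that did not hold, for troubleshooting a deny."""
    checks = {
        "device_type": req.device_type == "Switch",
        "location": req.location == "XYZ",
        "ad_group": ADMIN_GROUP in req.ad_groups,
        "remote_address": source_allowed(req.remote_address),
    }
    return [name for name, ok in checks.items() if not ok]

def rule_matches(req: Request) -> bool:
    """All four conditions are AND-ed, as in the rule described in the thread."""
    return not failed_conditions(req)

if __name__ == "__main__":
    groups = frozenset({ADMIN_GROUP})
    samples = [  # constructed requests
        Request("Switch", "XYZ", groups, "192.0.2.10"),    # from a jump host
        Request("Switch", "XYZ", groups, "198.51.100.7"),  # from elsewhere
        Request("Switch", "XYZ", groups, ""),              # no source reported
    ]
    for s in samples:
        print(s.remote_address or "<empty>", rule_matches(s), failed_conditions(s))
```
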
