ISE-R-US
Beginner

Cisco ISE Policy Conditions Studio "IN" Usage

I have a very simple problem in that I need to bypass a set of endpoints from a policy. I am in conditions studio and am trying to use the "in". For example, as a test I am trying to use

Radius User-Name In {username list}

I've tried space delimited, then comma, comma space, pipe and haven't had success yet. Anyone have an "IN" example for me to get a clue? I'm sure once I see it, I'll feel foolish, but I am what I am. I have a lot of policies, but have never used IN before and just keep missing it. Of course, it works with one item, but after that I am failing.

I'll keep on looking for documentation or an example and keep trying to guess at the syntax.

Thank you.

Accepted Solutions
ISE-R-US
Beginner

I never did figure it out. I tried 8 various combinations of delimited lists. I finally bailed and went with this MATCHES using regex string. I need to do some more testing, but it seems to work so far.

(?i)user1|user2|user3

Yes, you need to use MATCHES with regex if comparing against a list of usernames defined in the condition. IN is used to find out if the user is in the existing AD/LDAP group or internal user/endpoint group.
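
An added example, not part of the original posts and not Cisco's code: the thread does not say whether MATCHES compares the whole User-Name or searches inside it, and the posted alternation behaves differently under each. This Python sketch (hypothetical helper names, constructed usernames) builds an escaped, anchored pattern from a list and shows both behaviours side by side.

```python
import re

# Pattern exactly as posted in the thread.
POSTED = r"(?i)user1|user2|user3"

def build_exact_pattern(usernames):
    """Return a case-insensitive regex matching only the listed names in full.

    re.escape() keeps characters such as '.' or '+' in a name literal, and
    the ^(?:...)$ wrapper stops the alternation matching inside longer names.
    """
    names = [re.escape(u) for u in usernames if u]
    if not names:
        raise ValueError("refusing to build a pattern from an empty list")
    return r"(?i)^(?:" + "|".join(names) + r")$"

def classify(pattern, candidates):
    """Map each candidate to (search_hit, fullmatch_hit) for the pattern."""
    rx = re.compile(pattern)
    return {c: (rx.search(c) is not None, rx.fullmatch(c) is not None)
            for c in candidates}

# Constructed sample values, not taken from any real deployment.
ALLOWED = ["user1", "user2", "user3"]
CANDIDATES = ["user1", "USER2", "user10", "xuser3", "guest"]

if __name__ == "__main__":
    exact = build_exact_pattern(ALLOWED)
    print("exact pattern:", exact)
    for label, pat in (("posted", POSTED), ("exact", exact)):
        for name, (s, f) in classify(pat, CANDIDATES).items():
            # search=True with fullmatch=False marks a name that only a
            # substring-style matcher would let through the bypass rule.
            print(f"{label:6} {name:8} search={s!s:5} fullmatch={f}")
```

If the platform's MATCHES already compares the full string, the anchors are redundant but harmless.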
