cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

535
Views
0
Helpful
3
Replies
Dave Saunders
Beginner

ISE 1.2 and ACL's with multiple ports

When creating a DACL for my groups I used the Syntax " permit tcp any 192.168.20.0 0.0.0.255 eq 22 443" for one of my acl's inside the DACL and the syntax check validated it. When I pushed it to my groups it also worked but I have heard that this type of multiple port ACL in ISE is not supported. Does anyone know if this is accurate?

1 ACCEPTED SOLUTION

Accepted Solutions
kaaftab
Enthusiast

You can implement multiple DACL to control the access and its works perfectly with ISE

********Do rate Helpful posts***************

View solution in original post

3 REPLIES 3
Saurav Lodh
Rising star

Check supported DACL format

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_authz_polprfls.html#pgfId-1231465

Thanks for the response but it's wrong. Cisco supports stacked ports in 1.2 for wired users. They carried over 1.1documentation to 1.2 and never updated it. We have it in writing from Cisco tac. 

kaaftab
Enthusiast

You can implement multiple DACL to control the access and its works perfectly with ISE

********Do rate Helpful posts***************

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube