ISE 1.2 and ACL's with multiple ports

Dave Saunders
Level 1

When creating a DACL for my groups I used the syntax "permit tcp any 192.168.20.0 0.0.0.255 eq 22 443" for one of my ACLs inside the DACL, and the syntax check validated it. When I pushed it to my groups it also worked, but I have heard that this type of multiple-port ACL in ISE is not supported. Does anyone know if this is accurate?

1 Accepted Solution

kaaftab
Level 4

You can implement multiple DACLs to control the access, and it works perfectly with ISE.

********Do rate Helpful posts***************

3 Replies

Saurav Lodh
Level 7

Check supported DACL format

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_authz_polprfls.html#pgfId-1231465

Thanks for the response but it's wrong. Cisco supports stacked ports in 1.2 for wired users. They carried over 1.1 documentation to 1.2 and never updated it. We have it in writing from Cisco TAC.
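
For anyone who would rather not depend on stacked-port support, the ACE from the question can be rewritten as one ACE per port, which matches the same traffic. The script below is an added example, not part of the original thread and not Cisco code; the function names and the sample DACL are constructed for illustration, and only numeric ports after "eq" are expanded.

```python
import itertools

def expand_ace(ace: str) -> list[str]:
    """Rewrite an ACE with 'eq p1 p2 ...' as one ACE per port combination."""
    tokens = ace.split()
    parts = []  # one list of alternatives per position in the ACE
    i = 0
    while i < len(tokens):
        if tokens[i].lower() == "eq":
            # Collect the run of numeric ports that follows 'eq'.
            j = i + 1
            while j < len(tokens) and tokens[j].isdigit():
                if int(tokens[j]) > 65535:
                    raise ValueError(f"port out of range: {tokens[j]}")
                j += 1
            if j > i + 1:
                parts.append([f"eq {p}" for p in tokens[i + 1:j]])
                i = j
                continue
        parts.append([tokens[i]])  # named port or any other token: keep as is
        i += 1
    # Source and destination port lists together give the cartesian product.
    return [" ".join(combo) for combo in itertools.product(*parts)]

def expand_dacl(text: str) -> list[str]:
    """Expand every permit/deny line of a DACL; pass other lines through."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.split()[0].lower() in ("permit", "deny"):
            out.extend(expand_ace(line))
        else:
            out.append(line)
    return out

# Constructed sample DACL; the second line is the ACE from the question.
SAMPLE_DACL = """
permit udp any any eq 53
permit tcp any 192.168.20.0 0.0.0.255 eq 22 443
deny ip any any
"""

if __name__ == "__main__":
    for ace in expand_dacl(SAMPLE_DACL):
        print(ace)
```

Because ACEs are evaluated in order, the expanded lines stay in the position of the original ACE, so the rest of the DACL behaves as before.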
