12-02-2013 01:13 PM - edited 03-10-2019 09:08 PM
When creating a DACL for my groups I used the Syntax " permit tcp any 192.168.20.0 0.0.0.255 eq 22 443" for one of my acl's inside the DACL and the syntax check validated it. When I pushed it to my groups it also worked but I have heard that this type of multiple port ACL in ISE is not supported. Does anyone know if this is accurate?
Solved! Go to Solution.
05-19-2014 03:20 AM
You can implement multiple DACL to control the access and its works perfectly with ISE
********Do rate Helpful posts***************
05-19-2014 03:05 AM
Check supported DACL format
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_authz_polprfls.html#pgfId-1231465
05-19-2014 03:20 AM
Thanks for the response but it's wrong. Cisco supports stacked ports in 1.2 for wired users. They carried over 1.1documentation to 1.2 and never updated it. We have it in writing from Cisco tac.
05-19-2014 03:20 AM
You can implement multiple DACL to control the access and its works perfectly with ISE
********Do rate Helpful posts***************
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide