Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
777
Views
2
Helpful
0
Replies

ISE 3.1 Tacacs Command set regex - restricting "COPY" - SOLVED

ericmontgomery1
Level 1
Level 1

‎06-06-2023 08:59 AM - edited ‎06-06-2023 09:53 AM

I'm trying to restrict the COPY command to two very specific commands:

copy running-config flash:/candidate_config.txt

copy null: flash:/merge_config.txt

 

But the null: and flash: arguments don't seem to work as arguments within the ISE command set.  I know the switch sees them as two arguments with a "aaa debug authorization".  But nothing in the ISE command set seems to work.

If I permit the exact argument pair: "running-config flash:/candidate_config.txt"  it fails

If I try to wild card "flash" in any way: "running-config flash*" or "running-config flash.*" it fails

I can get the running-config command to work if I simply permit: "running-config"

But then no argument seems to work for the "null:" copy command. Unless I just allow "copy" as a command with no arguments which defeats my purpose.

If anyone has any ideas here that would be appreciated.

 

SOLVED: I thought my ISE QA environment was running 3.1 patch 3 but it was actually not patched at all and so I was hitting this bug:

CSCwa41166 : Bug Search Tool (cisco.com)

Causes special characters to be saved as hex code which ISE can't read.

 

 

 

0 Replies 0
Customers Also Viewed These Support Documents