01-04-2024 05:24 AM
Deploying ISE and trying to finalize some restrictions. It seems the DACL defined in ISE is not what the switch is applying to the port. Any ideas why the switch is changing the deny statements?
Here is what we have defined in ISE:
Here is what the switch is applying:
Solved! Go to Solution.
01-04-2024 05:32 AM - edited 01-04-2024 06:31 AM
@Chris S use the wildcard not the subnet mask when configuring the DACL.
Also you can use Check DACL Syntax to confirm the syntax is correct.
01-04-2024 05:32 AM - edited 01-04-2024 06:31 AM
@Chris S use the wildcard not the subnet mask when configuring the DACL.
Also you can use Check DACL Syntax to confirm the syntax is correct.
01-04-2024 09:20 AM
That was it - the syntax was valid against the ISE checker with a standard subnet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide