ISE Policy using "in" operator

jason.emery · ‎01-29-2020

This seems like it should be so simple but I can;t find any documentation on how to use it. I am doing some policy testing and whatnot and simply want to use the "In" operator to create some inclusions/exclusions for testing. How does this operator function? I assume "in" means if the value is "in" a list of some sort but I can't figure out how to provide a list. Is it just csv, inside brackets, parenthesis...?

Colby LeMaire · ‎01-29-2020

I have never had to use the "in" operator but my understanding is that it checks a list to see if it is in the list. That list would not be a freeform text list that you input in the textbox. You could have an attribute within LDAP or AD that is created like a list. String values separated by newlines or whatever the system uses for multiple values. Then you could reference that attribute in your conditions. I don't think there would be any attribute within ISE that contains lists but I could be wrong. I also just checked to see if I could create a custom dictionary with a list but it did not look like it.

Would be interested in hearing from anyone that has used it in a policy and what the scenario was.

jason.emery · ‎01-29-2020

Ok actually this works in ISE policy:

Radius-user-name match (user1|user2|user3)

Colby LeMaire · ‎01-29-2020

The "match" operator uses regex so that makes sense. Maybe with the "in" operator you can try to list out the values separated by spaces. But that would be the same as the "contains" operator.

jason.emery · ‎01-29-2020

Actually the contains operator would be kind of the reverse of the in operator.

user-name contains test

vs

user-name in test1,test2

Still would like to know how to use the in operator or what scenario that would be useful.