wess
Beginner

ISE regex

Hi

 

Do you know of any documentation for the regex syntax in policy sets on ISE 2.3?

Is it like the syntax on Cisco routers?

 

Br Matthias

 

 

Ben Walters
Participant

I found this in a guide related to ISE policies and WLC; hopefully it gives you an idea of the format for regex.

 

REGEX Examples

'Starts with'—for example, use the REGEX value of ^(Acme).*—this condition is configured as CERTIFICATE:Organization MATCHES 'Acme' (any match with a condition that starts with "Acme").

'Ends with'—for example, use the REGEX value of .*(mktg)$—this condition is configured as CERTIFICATE:Organization MATCHES 'mktg' (any match with a condition that ends with "mktg").

'Contains'—for example, use the REGEX value of .*(1234).*—this condition is configured as CERTIFICATE:Organization MATCHES '1234' (any match with a condition that contains "1234", such as Eng1234, 1234Dev, and Corp1234Mktg).

'Does not start with'—for example, use the REGEX value of ^(?!LDAP).*—this condition is configured as CERTIFICATE:Organization MATCHES 'LDAP' (any match with a condition that does not start with "LDAP", such as usLDAP or CorpLDAPmktg).

 

Original document here

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115734-ise-policies-ssid-00.html
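
The four patterns quoted above, checked against sample values, as an added example that is not part of the original posts or of Cisco's guide. It uses Python's `re` as a stand-in for the ISE regex engine and assumes MATCHES is case-sensitive and tests the whole attribute value; the sample values the guide does not mention are constructed.

```python
import re

# The four patterns quoted in the post above, keyed by the guide's own labels.
PATTERNS = {
    "starts with Acme": r"^(Acme).*",
    "ends with mktg": r".*(mktg)$",
    "contains 1234": r".*(1234).*",
    "does not start with LDAP": r"^(?!LDAP).*",
}

# Sample CERTIFICATE:Organization values. The first three are constructed for
# this example; the last five are the ones the guide itself mentions.
SAMPLES = ["Acme Corp", "acme-mktg", "LDAPusers",
           "Eng1234", "1234Dev", "Corp1234Mktg", "usLDAP", "CorpLDAPmktg"]


def matches(pattern: str, value: str) -> bool:
    """Assumption: MATCHES is case-sensitive and tests the entire value."""
    return re.fullmatch(pattern, value) is not None


def evaluate(samples=SAMPLES, patterns=PATTERNS):
    """Return {sample: [labels of every pattern that matches it]}."""
    return {
        value: [label for label, rx in patterns.items() if matches(rx, value)]
        for value in samples
    }


def overlaps(result):
    """Values hit by more than one pattern, worth reviewing before deployment."""
    return {v: labels for v, labels in result.items() if len(labels) > 1}


if __name__ == "__main__":
    for value, labels in evaluate().items():
        print(f"{value:14} -> {', '.join(labels) or 'no match'}")
```

Under these assumptions, `Corp1234Mktg` does not match the "ends with" pattern because of the capital M, and the negative lookahead matches every value that does not begin with "LDAP", so it overlaps with the other three patterns.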

Further to the previous reply, I am not sure in which part of ISE you are using regex, but if it's in the Policy Sets, then I have found that using the MATCHES operator allows me to use standard regex syntax. There were some bugs in ISE 2.2, but so far in ISE 2.3 the regex is reliable. In my case I use it a lot in my TACACS authentication policies, e.g.

[Screenshot: tacacs.png]

 

 

I can add one small caveat when using ISE for TACACS+ command sets. Have a look at this posting over at the ISE Community page. It explains that TACACS+ commands use wildcards, and their arguments use regex:

https://communities.cisco.com/thread/86989  

 

 

Wildcards and Regex in Command Sets

A command line comprises the command and zero or more arguments. When Cisco ISE receives a command line (request), it handles the command and its arguments in different ways:

 

It matches the command in the request with the commands specified in the command set list using the wildcard matching paradigm.

Example: Sh?? or S*

 

It matches the arguments in the request with the arguments specified in the command set list using regular expressions (regex) matching paradigm.

wess
Beginner

Thanks Ben and Arne!

 

I also found the following in the ISE admin guide:

 

The “Matches” operator supports and uses regular expressions (REGEX) not wildcards.

You must use the “equals” operator for straightforward comparison. “Contains” operator can be used for multi-value attributes.
“Matches” operator should be used for regular expression comparison.
When “Matches” operator is used, regular expression will be interpreted for both static and dynamic values.

 

It looks like the normal regex syntax (https://en.wikipedia.org/wiki/Regular_expression) is supported.
