04-08-2018 08:41 PM
Hello
If I understand the ISE Admin Guide correctly, the ONLY expression that ISE supports is "ip host" ? I have misunderstood 'standard' to mean that ISE supports the standard tcpdump expressions :-(
It would be nice to be able to apply the standard filters - would this be considered a feature request?
Solved! Go to Solution.
04-09-2018 05:53 PM
It looks like this changed at some point (maybe with 2.3?) as I know I have used simple port filters in the past, but for some reason ISE won't take a port filter unless I also specify an 'ip host' filter. If you're trying to filter on a port, you might just include the ISE node IP address as a workaround.
Maybe one of the TME's that monitor the community page can provide some clarification if this is expected behaviour or should be considered a bug.
-Regards,
Greg
04-09-2018 05:53 PM
It looks like this changed at some point (maybe with 2.3?) as I know I have used simple port filters in the past, but for some reason ISE won't take a port filter unless I also specify an 'ip host' filter. If you're trying to filter on a port, you might just include the ISE node IP address as a workaround.
Maybe one of the TME's that monitor the community page can provide some clarification if this is expected behaviour or should be considered a bug.
-Regards,
Greg
04-09-2018 10:18 PM
nice workaround
04-10-2018 02:28 PM
hslai, do you have any knowledge about or comment on this change of behaviour for the tcpdump filter?
04-10-2018 02:48 PM
+1
I am guessing it might be due to moving this utility from flash to HTML5.
CSCvd36140 is an enhancement to allow other options and currently internal but I will add an RNE and make it external.
06-01-2020 11:43 AM
06-02-2020 05:46 AM
funny you say that ... today I used the crude tcpdump on the CLI and captured all the output to a text file - I was testing the SMTP and I found what I was looking for. But it did feel a bit 1984'ish ... there's a perfectly good Linux tcpdump just sitting under the covers ... now if only I could get my grubby paws on it ... :)
06-02-2020 06:10 AM
05-19-2022 03:04 AM - edited 05-19-2022 03:06 AM
Well ?
In 2022, ISE 2.7 with patch 7 does not still have this repaired.
So workaround with using ip host plus and port still works.
It seems it is BUG and that was not still fixed at all. What do you think now ?
05-19-2022 01:23 PM
Don't expect too much to get fixed in ISE 2.7. No matter what version of ISE you're on you're always at the mercy of Cisco making these tools available to you. All the while, the tools that can do the job are already there in Linux, but hidden from us (no access). Prime Infrastructure has root access, so does DNAC. Even a non-root shell would be nice.
06-15-2022 03:27 AM
Can I expect it in version 3.1 ?
06-02-2020 08:04 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: