This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
In the ACS4.2, I can add multiple Devices' IPs like 192.168.10.50-100. But in ACS5.2, I can only specify the subnet mask for the IP subnet. Please advise me how to get around it since I don't want to add the whole subnet into the ACS5.2.
Thanks in advance.
Select "ip ranges"
Type in the ip address you want and a mask of /32.
Then do the same with all the other ip addresses you want.
A subnet mask of /32 determines one ip address and not a range.
Thanks for your reply.
I know I can add all the IPs one by one. But if I need to add ip range 192.168.10.50 - 192.168.10.150, are you saying I have to add the IP address 101 times?
How about using the range .64->.128 with a subnet mask ? Then you can you use smaller masks to tackle the other IPs.
In the end you have a small list of ranges with different masks.
I agree it's less handy than the "-" that was available in ACS 4.
There is a way around this. Have a look at "device filters", you can set these up to filter by IP.
This way, you can add single IP address rules into your rule tables, that are specific for possibly "different" devices in the middle of large address ranges.
We have seen set ups like this where you have big subnets defined for tacacs, but need to throw the occasional RADIUS device in somewhere, like in the middle of a /24.
This is much easier than defining everything with /32 masks.