cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1305
Views
0
Helpful
1
Replies
Coco21
Beginner

How to whitelist an IP or a host group ?

Hi Team,

 

I need a help,

How to whitelist a host group to avoid alarm, 

 

I am getting alarms in custom security policy for genuine traffic.

To avoid those thing, I have create an host group and add those IPs in that group. After that in custom policy I exclude (except) that host group. 

 

But still I am getting the alarms.

 

Please advice. What to do.

 

1 REPLY 1
jamegill
Cisco Employee

Hi @Coco21 

It sounds like you are heading in the right direction to group those hosts and apply a Role Policy to squelch those alarms.

When you show the alarm table, look in the Policy column, this will show you which Policy is being triggered to generate the alarms. You will either need to tune the Policy indicated or remove the hosts from the group that policy is applied to.

There are two classes of policies, Default and Role.  Any Role policy supercedes the setting in the Default for the events defined in the policy, but a host with multiple Role Policies is subject to all of them equally.

 

I hope you find that helpful!

--jg

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (100%)

Content for Community-Ad