Cisco Support Community

ACS 5.5 Command Set Regular Expression

I use command sets quite a bit to permit/deny specific commands for different admin groups. I want to create a new command set to block certain subnets from being used on the network at all. I thought regular expressions would be good here, but I cannot get these to work at all.

As an example, if I deny the command "*" and argument "ip host 172.16.", I cannot create an ACL line to permit ip host 172.16.1.1 or deny ip host 172.16.1.1.

How do I make this work so that no matter what precedes or follows the IP, the command is denied so that I can deny "ip address 172.16.1.1", "ip host 172.1.1", "ip 172.16.1.1", "server 172.16.1.1", etc.?

1 REPLY

Hey,

The "*" will not work.

You need to first jot down the list of commands that allow an ip address as an argument.

Then use them and add the respective arguments in deny.

 

Regards

Ed
