Cisco Support Community
New Member

ISE 1.2 and ACLs with multiple ports

When creating a DACL for my groups I used the syntax "permit tcp any 192.168.20.0 0.0.0.255 eq 22 443" for one of my ACLs inside the DACL, and the syntax check validated it. When I pushed it to my groups it also worked, but I have heard that this type of multiple-port ACL in ISE is not supported. Does anyone know if this is accurate?

1 ACCEPTED SOLUTION

Silver

You can implement multiple DACLs to control the access, and it works perfectly with ISE.

********Do rate Helpful posts***************

3 REPLIES

Check supported DACL format

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_authz_polprfls.html#pgfId-1231465

New Member

Thanks for the response but it's wrong. Cisco supports stacked ports in 1.2 for wired users. They carried over the 1.1 documentation to 1.2 and never updated it. We have it in writing from Cisco TAC.
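
Where stacked-port support on a given platform is in doubt, the same policy can be written with one port per ACE. The following is an added example, not part of the thread or of any Cisco tooling: it expands `eq` port lists in a DACL body into single-port ACEs. The function names and the sample DACL are constructed for illustration, and it assumes numeric ports only.

```python
import itertools
import re

PORT = re.compile(r"\d{1,5}")  # numeric ports only; named ports are left untouched

def expand_stacked_ports(ace: str) -> list[str]:
    """Rewrite 'eq p1 p2 ...' as one ACE per port, keeping all other tokens."""
    tokens, parts, i = ace.split(), [], 0
    while i < len(tokens):
        ports, j = [], i + 1
        # Only 'eq' is expanded: a stacked 'neq' cannot be split into separate
        # lines without changing what the ACE matches.
        if tokens[i] == "eq":
            while j < len(tokens) and PORT.fullmatch(tokens[j]):
                if int(tokens[j]) > 65535:
                    raise ValueError(f"port out of range: {tokens[j]}")
                ports.append(tokens[j])
                j += 1
        if ports:
            parts.append([f"eq {p}" for p in ports])  # alternatives for this slot
            i = j
        else:
            parts.append([tokens[i]])  # literal token, single alternative
            i += 1
    # Source and destination lists may both be stacked, so take every combination.
    return [" ".join(combo) for combo in itertools.product(*parts)]

def expand_dacl(text: str) -> str:
    """Expand every ACE in a DACL body; remarks and blank lines pass through."""
    out = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("remark", "!")):
            out.append(line)
        else:
            out.extend(expand_stacked_ports(stripped))
    return "\n".join(out)

# Constructed sample DACL; the first ACE is the one quoted in the question.
SAMPLE_DACL = """remark constructed sample: admin access
permit tcp any 192.168.20.0 0.0.0.255 eq 22 443
permit tcp any eq 1024 1025 host 192.168.20.9 eq 80 8080 log
deny ip any any"""

if __name__ == "__main__":
    print(expand_dacl(SAMPLE_DACL))
```

Because consecutive ACEs with the same action match as a logical OR, the expanded lines permit or deny the same traffic as the stacked form, at the cost of more entries in the downloaded ACL.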

