Cisco Bug: CSCvt50572 - Impossible to create whitelist policy via ERS API

Last Modified

Sep 04, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.4(0.910) 2.6(0.200) 2.7(0.356) 3.0(0.294)

Description (partial)

Symptom:
A whitelist policy (which involves creating a default policy that contains a customer-defined SGACL) is a key aspect of TrustSec and is very important for customers with the highest level of security concern and awareness.

This can be done in the ISE UI, but first the user must navigate to the TrustSec Settings and enable "Allow Multiple SGACLs" (this option is DISABLED by default).

There is NO ERS API for this option, which makes it impossible to create and manage a whitelist policy via the ERS API. DNASC/ACA cannot deliver support for whitelist group-based access policy until ISE provides the missing API for this setting.

Conditions:
The user needs to manage the whitelist policy externally via the ERS API.