Cisco Bug: CSCvv95693 - ENH : Support to detect DACL's duplicate name based and port based entries by ISE

Last Modified

Oct 09, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.7(0.902)

Description (partial)

Symptom:
The ISE DACL syntax check fails to detect duplicate entries when the same access-list entry is written once port based and once name based.

A switch or other network device may then drop the connection because of invalid syntax that the ISE check failed to detect.

permit udp any any eq 53
permit udp any any eq domain

>> No error seen, ISE says it's valid DACL.

permit udp any any eq 53
permit udp any any eq domain

ISE throws error: duplicate entries found

Conditions:
Enter both name-based and port-based ACL entries in the DACL, and ISE will consider it valid.
permit udp any any eq 53
permit udp any any eq domain

>> No error seen, ISE says it's valid DACL.
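
Until the check handles this case, a DACL can be screened for such entries before it is saved in ISE. The Python below is an added example, not Cisco or ISE code; the port-keyword table is an assumed partial subset of the IOS well-known port names, and `normalize` and `find_duplicates` are hypothetical helper names.

```python
# Added example (not Cisco/ISE code): flag DACL entries that become
# identical once IOS port keywords are resolved to port numbers.

# Assumption: partial subset of the IOS well-known port keywords.
PORT_NAMES = {
    "tcp": {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25,
            "domain": 53, "www": 80, "pop3": 110, "bgp": 179},
    "udp": {"domain": 53, "bootps": 67, "bootpc": 68, "tftp": 69,
            "ntp": 123, "snmp": 161, "snmptrap": 162,
            "isakmp": 500, "syslog": 514},
}
PORT_OPS = {"eq", "neq", "lt", "gt", "range"}


def normalize(line):
    """Return a canonical token tuple for one ACE, port names as numbers."""
    tokens = line.lower().split()
    names = PORT_NAMES.get(tokens[1], {}) if len(tokens) > 1 else {}
    out, in_ports = [], False
    for tok in tokens:
        if tok in PORT_OPS:
            in_ports = True              # following tokens are ports
        elif in_ports and tok in names:
            tok = str(names[tok])        # e.g. "domain" -> "53"
        elif not tok.isdigit():
            in_ports = False             # left the port list
        out.append(tok)
    return tuple(out)


def find_duplicates(dacl_text):
    """Return (first_line_no, dup_line_no, text) per semantic duplicate."""
    seen, dups = {}, []
    for no, raw in enumerate(dacl_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("!", "remark")):
            continue                     # skip blanks and comments
        key = normalize(line)
        if key in seen:
            dups.append((seen[key], no, line))
        else:
            seen[key] = no
    return dups


# The two entries from this bug, plus one constructed non-duplicate (tcp).
SAMPLE = ("permit udp any any eq 53\npermit udp any any eq domain\n"
          "permit tcp any any eq domain\n")
if __name__ == "__main__":
    for first, dup, text in find_duplicates(SAMPLE):
        print(f"line {dup} duplicates line {first}: {text}")
```
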