https://community.cisco.com/t5/network-access-control/ise-policy/m-p/1960013#M202220 <P><SPAN style="font-size: 12pt;">hi experts</SPAN><BR /><SPAN style="font-size: 12pt;">i need your help regarding below</SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;">I'm new in ISE , I configured the ISE to be integrated with </SPAN><SPAN style="font-size: 12pt;">the active directory , so any user want to login to the </SPAN><SPAN style="font-size: 12pt;">network should has username &amp; password at the active directory .</SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;">most of the users already joined to the domain , and no problem with them .</SPAN><BR /><SPAN style="font-size: 12pt;">my problem begin with the users whom not joined to the domain , </SPAN><SPAN style="font-size: 12pt;">they are login locally at them PCs , and use the active directory username &amp; </SPAN><SPAN style="font-size: 12pt;">password to login to the network ....</SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;">how could i configure a policy to prevent the users to access to the network </SPAN><SPAN style="font-size: 12pt;">if they are not joined to the domain and put them in the quaranty vlan</SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;">thanks in advanced for any suggestion</SPAN></P><P><BR /><SPAN style="font-size: 12pt;">Reyad</SPAN></P> Mon, 11 Mar 2019 02:11:37 GMT Reyad Safi 2019-03-11T02:11:37Z https://community.cisco.com/t5/network-access-control/ise-policy/m-p/1960013#M202220 <P><SPAN style="font-size: 12pt;">hi experts</SPAN><BR /><SPAN style="font-size: 12pt;">i need your help regarding below</SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;">I'm new in ISE , I configured the ISE to be integrated with </SPAN><SPAN style="font-size: 12pt;">the active directory , so any user want to login to the </SPAN><SPAN style="font-size: 12pt;">network should has username &amp; password at the active directory .</SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;">most of the users already joined to the domain , and no problem with them .</SPAN><BR /><SPAN style="font-size: 12pt;">my problem begin with the users whom not joined to the domain , </SPAN><SPAN style="font-size: 12pt;">they are login locally at them PCs , and use the active directory username &amp; </SPAN><SPAN style="font-size: 12pt;">password to login to the network ....</SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;">how could i configure a policy to prevent the users to access to the network </SPAN><SPAN style="font-size: 12pt;">if they are not joined to the domain and put them in the quaranty vlan</SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;">thanks in advanced for any suggestion</SPAN></P><P><BR /><SPAN style="font-size: 12pt;">Reyad</SPAN></P> Mon, 11 Mar 2019 02:11:37 GMT https://community.cisco.com/t5/network-access-control/ise-policy/m-p/1960013#M202220 Reyad Safi 2019-03-11T02:11:37Z https://community.cisco.com/t5/network-access-control/ise-policy/m-p/1960014#M202228 <HTML><HEAD></HEAD><BODY><P>In the POLICY - AUTHORIZATION check if you have DEFAULT PERMIT at the end, or paste screen shot from Authentication (OPERATIONS - AUTHENTICATIONS) of that users to see what policy they matched.</P><P>hope to help</P></BODY></HTML> Thu, 14 Jun 2012 14:16:39 GMT https://community.cisco.com/t5/network-access-control/ise-policy/m-p/1960014#M202228 edondurguti 2012-06-14T14:16:39Z