topic Re: Under Convext visibility, Device goes into Authentication Policy-Default, Authorization policy-Policy1 in Network Access Control

Under Convext visibility, Device goes into Authentication Policy-Default, Authorization policy-Policy1

getaway51 — Mon, 28 Oct 2019 04:10:40 GMT

Hi,

Under Convext visibility, Device goes into Authentication Policy-Default, Authorization policy-Policy1.

May i know Authentication Policy-Default is it Deny ALL?

This device is a Voice device, i falls to default ISE profile grp.

May I knw wht is inside Authentication Policy-Default? How to view it?

Re: Under Convext visibility, Device goes into Authentication Policy-Default, Authorization policy-Policy1

Mike.Cifelli — Mon, 28 Oct 2019 12:49:49 GMT

You can view your policies under Policy->Policy Sets-><your policy>
To view the authz result profiles: Policy->Policy Elements->Results->Authorization->Authorization Profiles
Good luck & HTH!

Re: Under Convext visibility, Device goes into Authentication Policy-Default, Authorization policy-Policy1

getaway51 — Mon, 28 Oct 2019 13:01:43 GMT

Hi,

Thanks for yr guidance. I attached the screenshot. By the way i cant find Authentication-Default under

Policy->Policy Elements->Results->Authorization->Authorization Profiles

or where shld i look Authentication-Default?

I just wanted to know why it falls under Authentication-Default and what impact Authentication-Default has for this device

Re: Under Convext visibility, Device goes into Authentication Policy-Default, Authorization policy-Policy1

Mike.Cifelli — Mon, 28 Oct 2019 13:48:47 GMT

Now I think I have a better understanding of what you are asking. The default policy is the policy nodes hit when they do not match any of your configured policies in authc or authz policies. The authc impact depends on how you have configured your options (if auth fail, if user not found, if process fail). The authz impact depends on what authz profile you assign.

Re: Under Convext visibility, Device goes into Authentication Policy-Default, Authorization policy-Policy1

getaway51 — Mon, 28 Oct 2019 14:34:26 GMT

actually this device which is avaya-device hits the MAB policy set.

In this case, it hits the correct authz policy but goes to authc-default.

"The default policy is the policy nodes hit when they do not match any of your configured policies in authc "

This is the part i dont understand, the device falls under customized identity grp of Avaya-voice which is configured in the authc policy as well. fyi the device mac address was added manually into identity grp of Avaya-voice.