https://community.cisco.com/t5/network-access-control/ise-selecting-wrong-device-admin-policy/m-p/3466065#M517527 <HTML><HEAD></HEAD><BODY><P>It appears not to do this. It always goes to the same policy linked to the most specific IP. I can't find what's wrong so I decided to open a ticket with support!</P></BODY></HTML> Wed, 07 Mar 2018 17:27:37 GMT Jeroen1001 2018-03-07T17:27:37Z https://community.cisco.com/t5/network-access-control/ise-selecting-wrong-device-admin-policy/m-p/3466063#M517522 <HTML><HEAD></HEAD><BODY><P>Dear expert,</P><P></P><P>I'm talking about the section under <EM>Work Centers &gt; Device Administration &gt; Device Admin Policy Sets</EM>. </P><P></P><P>In our setup, the device is present under 2&nbsp; distinct Network Device Groups. One time using a supernet /24 (management subnet) and one time using a /32. This /32 is the devices' host address which is also part of the supernet of course .<EM>I'm talking about the section Administration &gt; Network Device Groups</EM></P><P></P><P>It appears ISE selects the Device Admin Policy based the most specific prefix.<STRONG> So the policy with the /32 will always win.</STRONG> </P><P>However, I want it to select the policy<STRONG> based on the order in which it is defined</STRONG> at Work Centers &gt; Device Administration &gt; Device Admin Policy Sets</P><P></P><P>So basically I want it to cycle through the defined policies like an ACL. </P><P>- Check first policy. No Match? Check second policy and so on.</P><P></P><P>Please explain how to do this.</P><P></P><P>Many thanks in advance. </P></BODY></HTML> Wed, 28 Feb 2018 15:39:09 GMT https://community.cisco.com/t5/network-access-control/ise-selecting-wrong-device-admin-policy/m-p/3466063#M517522 Jeroen1001 2018-02-28T15:39:09Z https://community.cisco.com/t5/network-access-control/ise-selecting-wrong-device-admin-policy/m-p/3466064#M517525 <HTML><HEAD></HEAD><BODY><P>By default ISE always match first rule match applied.If first not match it continue to the next rule and etc.</P><P>It is important how you order rules.</P></BODY></HTML> Thu, 01 Mar 2018 09:09:28 GMT https://community.cisco.com/t5/network-access-control/ise-selecting-wrong-device-admin-policy/m-p/3466064#M517525 ognyan.totev 2018-03-01T09:09:28Z https://community.cisco.com/t5/network-access-control/ise-selecting-wrong-device-admin-policy/m-p/3466065#M517527 <HTML><HEAD></HEAD><BODY><P>It appears not to do this. It always goes to the same policy linked to the most specific IP. I can't find what's wrong so I decided to open a ticket with support!</P></BODY></HTML> Wed, 07 Mar 2018 17:27:37 GMT https://community.cisco.com/t5/network-access-control/ise-selecting-wrong-device-admin-policy/m-p/3466065#M517527 Jeroen1001 2018-03-07T17:27:37Z