topic Adavanced attribute settings in authorization profile in Network Access Control

Adavanced attribute settings in authorization profile

varunkhanna58026 — Tue, 04 Aug 2020 08:28:21 GMT

Hi All , I am trying to make a auth profile with advanced attribute setting . Its about sending a specific VSA back on access_accept or reject to a device. But this option show disable to me. Any idea why ? Thanks, Varun

Re: Adavanced attribute settings in authorization profile

Mike.Cifelli — Tue, 04 Aug 2020 12:58:35 GMT

What version of ISE are you running? Have you attempted to use another browser?

Re: Adavanced attribute settings in authorization profile

Greg Gibbs — Tue, 04 Aug 2020 23:31:42 GMT

As @Mike.Cifelli mentioned, I suspect this is a browser issue.

However, I also noticed from the screenshot that you have set the Network Device Profile to 'Any'. This will limit the options available in the Common Tasks section to only those that are common standards across multiple vendors. Many of the Cisco-specific options (including DACL) will not be available for that AuthZ Profile.

A better option would be to create vendor-specific AuthZ Profiles and use conditions in either separate Policy Sets or AuthZ Policies to ensure the session uses the correct vendor AuthZ Profile.