https://community.cisco.com/t5/network-access-control/endpoint-blacklist-policy/m-p/4192849#M564145 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2020-12-03 at 08.45.38.png" style="width: 900px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/89781i6F6E4DC5BDF30931/image-dimensions/900x477?v=v2" width="900" height="477" role="button" title="Screen Shot 2020-12-03 at 08.45.38.png" alt="Screen Shot 2020-12-03 at 08.45.38.png" /></span><BR /><BR /><BR /><BR />So this is just a test policy set and what not, i don't see anywhere to reference endpoint groups. Am i in the wrong place ?</P><P> </P> Thu, 03 Dec 2020 15:48:22 GMT itnetworking 2020-12-03T15:48:22Z https://community.cisco.com/t5/network-access-control/endpoint-blacklist-policy/m-p/4192349#M564125 <P>Hey all, I am trying to replace my currently WLC Blacklist policy of deny based on MAC Address with ISE.</P><P>&nbsp;</P><P>My ISe also already does tacacs for network devices</P><P>I currently have 802.1x authentication against the Internal AD</P><P>and an endpoint identity group labeled "Blacklist"</P><P>with some test Macs.</P><P>&nbsp;</P><P>My biggest issue i keep finding is that i am unable to reference that "Blacklist" Endpoint identity group anywhere in the policy configuration</P><P>&nbsp;</P><P>Any help to a resource would be very helpful!</P> Wed, 02 Dec 2020 20:09:22 GMT https://community.cisco.com/t5/network-access-control/endpoint-blacklist-policy/m-p/4192349#M564125 itnetworking 2020-12-02T20:09:22Z https://community.cisco.com/t5/network-access-control/endpoint-blacklist-policy/m-p/4192376#M564127 <P>You will/can reference endpoint identity groups in your authz policies for mab onboarding as a condition to match.&nbsp; Try searching for the group using this condition: IdentityGroup-Name EQUALS &lt;blacklist&gt;.&nbsp; HTH!</P> Wed, 02 Dec 2020 20:57:30 GMT https://community.cisco.com/t5/network-access-control/endpoint-blacklist-policy/m-p/4192376#M564127 Mike.Cifelli 2020-12-02T20:57:30Z https://community.cisco.com/t5/network-access-control/endpoint-blacklist-policy/m-p/4192849#M564145 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2020-12-03 at 08.45.38.png" style="width: 900px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/89781i6F6E4DC5BDF30931/image-dimensions/900x477?v=v2" width="900" height="477" role="button" title="Screen Shot 2020-12-03 at 08.45.38.png" alt="Screen Shot 2020-12-03 at 08.45.38.png" /></span><BR /><BR /><BR /><BR />So this is just a test policy set and what not, i don't see anywhere to reference endpoint groups. Am i in the wrong place ?</P><P> </P> Thu, 03 Dec 2020 15:48:22 GMT https://community.cisco.com/t5/network-access-control/endpoint-blacklist-policy/m-p/4192849#M564145 itnetworking 2020-12-03T15:48:22Z https://community.cisco.com/t5/network-access-control/endpoint-blacklist-policy/m-p/4192887#M564147 <P>You are in the right place.&nbsp; Click the '+' under your authorization policy that is highlighted blue in your screenshot.&nbsp; Here is an example:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ep_grp_condition.PNG" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/89787iEB6F3509CEA90BED/image-size/large?v=v2&amp;px=999" role="button" title="ep_grp_condition.PNG" alt="ep_grp_condition.PNG" /></span></P> <P> Then assign your respective Authz Profile and/or SGT if using trustsec.&nbsp; HTH!</P> Thu, 03 Dec 2020 16:30:57 GMT https://community.cisco.com/t5/network-access-control/endpoint-blacklist-policy/m-p/4192887#M564147 Mike.Cifelli 2020-12-03T16:30:57Z