https://community.cisco.com/t5/network-access-control/cisco-ise-two-or-more-authentication-policy-result/m-p/4308067#M566170 <P>Hello guys.</P><P>&nbsp;</P><P>I would ask you the logic of have two o more Authentication Policy Result for a policy set's rule.</P><P>I mean, sometimes I saw on different Cisco ISE policy sets some policy set rules that has two or more result for the same conditions.</P><P>So, in which way ISE apply one or the other? for my understanding the condition are the same.</P><P>Thanks a lot.</P><P>&nbsp;</P><P>Americo</P> Tue, 16 Mar 2021 11:32:25 GMT Americo Massotti 2021-03-16T11:32:25Z https://community.cisco.com/t5/network-access-control/cisco-ise-two-or-more-authentication-policy-result/m-p/4308067#M566170 <P>Hello guys.</P><P>&nbsp;</P><P>I would ask you the logic of have two o more Authentication Policy Result for a policy set's rule.</P><P>I mean, sometimes I saw on different Cisco ISE policy sets some policy set rules that has two or more result for the same conditions.</P><P>So, in which way ISE apply one or the other? for my understanding the condition are the same.</P><P>Thanks a lot.</P><P>&nbsp;</P><P>Americo</P> Tue, 16 Mar 2021 11:32:25 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-two-or-more-authentication-policy-result/m-p/4308067#M566170 Americo Massotti 2021-03-16T11:32:25Z https://community.cisco.com/t5/network-access-control/cisco-ise-two-or-more-authentication-policy-result/m-p/4308144#M566178 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/491474">@Americo Massotti</a>&nbsp;</P><P>&nbsp;please take a look at: <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0100101.html" target="_blank" rel="noopener">ISE Admin Guide - Policy Set</A>.</P><P>Remember that:</P><P>".<EM>.. <STRONG>Policy sets</STRONG> are configured <U>hierarchically</U>, where the rule on the <U>top level</U> of the policy set, which can be viewed from the Policy Set table, applies to the entire set and is <U>matched before</U> the rules for the rest of the policies and exceptions. Thereafter, rules of the set are applied in this order:</EM></P><P><EM>Authentication policy rules</EM><BR /><EM>Local policy exceptions</EM><BR /><EM>Global policy exceptions</EM><BR /><EM>Authorization policy rules...</EM>"</P><P>&nbsp;</P><P>Hope this helps !!!</P> Tue, 16 Mar 2021 13:35:08 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-two-or-more-authentication-policy-result/m-p/4308144#M566178 Marcelo Morais 2021-03-16T13:35:08Z https://community.cisco.com/t5/network-access-control/cisco-ise-two-or-more-authentication-policy-result/m-p/4308620#M566201 <P>If more than one authorization profiles in the same result cell, then the attributes would be combined but only the first value will apply if the attribute may have only one. For example,</P> <P>authzProfile-1: VLAN=Employees, DACL=permitALL</P> <P>authzProfile-2: VLAN=ACCESS, Reauthentication with Timer=1800</P> <P>SecureGroup=Employees</P> <P>&nbsp;</P> <P>The combined shall be:&nbsp;VLAN=Employees, DACL=permitALL,&nbsp;Reauthentication with Timer=1800,&nbsp;SecureGroup=Employees</P> <P>&nbsp;</P> Wed, 17 Mar 2021 03:31:44 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-two-or-more-authentication-policy-result/m-p/4308620#M566201 hslai 2021-03-17T03:31:44Z