https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4606282#M574618 <P class="lia-align-justify">Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/575098">@iVicMMac</a>&nbsp;,</P> <P class="lia-align-justify">&nbsp;if my understanding is correct, you would like <U>not only</U> to use the <STRONG>IP Addr</STRONG> of the <STRONG>Device</STRONG> as a <STRONG>Condition</STRONG> to the <STRONG>Authorization Policy</STRONG>, but also check the <STRONG>Posture</STRONG> status, please try the following (as an example):</P> <P class="lia-align-justify">At <STRONG>Policy &gt; Policy Set</STRONG>, you created a <STRONG>Wired-Policy</STRONG>, for ex.:</P> <P class="lia-align-justify"><STRONG>Authorization Policy</STRONG>&nbsp;</P> <P class="lia-align-justify">&nbsp;Rule Name:&nbsp;<U><EM>John-Doe-AuthZPolicy-Compliant</EM></U></P> <P class="lia-align-justify">&nbsp;Condition:&nbsp; <EM><U>Network Access.Device IP Address Equals 10.10.10.1</U></EM> AND&nbsp;<EM><U>Session.PostureStatus Equals Compliant</U></EM></P> <P class="lia-align-justify">&nbsp;Result: <EM><U>&lt;AuthZ Profiles Result for Posture Compliant&gt;</U></EM></P> <P class="lia-align-justify">&nbsp;</P> <P class="lia-align-justify">&nbsp;Rule Name:&nbsp;<U><EM>John-Doe-AuthZPolicy-Unknown</EM></U></P> <P class="lia-align-justify">&nbsp;Condition:&nbsp; <EM><U>Network Access.Device IP Address Equals 10.10.10.1</U></EM> AND&nbsp;<EM><U>Session.PostureStatus Equals Unknown</U></EM></P> <P class="lia-align-justify">&nbsp;Result: <EM><U>&lt;AuthZ Profiles Result for Posture Unknown&gt;</U></EM></P> <P class="lia-align-justify">&nbsp;</P> <P class="lia-align-justify">Hope this helps !!!</P> Sun, 08 May 2022 01:37:23 GMT Marcelo Morais 2022-05-08T01:37:23Z https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4605464#M574599 <P>Hello Team,</P><P>I'm struggling configuring the posture for +600 users with static addressing (this addressing is assigned by ISE) I can't make the ISE applies the iP address for each user plus works the ISE Posture at the same time within my policy, anyone can help me?</P><P>&nbsp;</P><P>CISCO ISE 2.4</P><P>&nbsp;</P> Fri, 06 May 2022 00:51:14 GMT https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4605464#M574599 iVicMMac 2022-05-06T00:51:14Z https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4605477#M574601 <P>So you are using the ISE local DHCP server?&nbsp; How is ISE assigning static IPs to clients?&nbsp; IP Device Tracking enabled on the NAD?</P> Fri, 06 May 2022 01:22:56 GMT https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4605477#M574601 ahollifield 2022-05-06T01:22:56Z https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4605494#M574603 <P>Nope, all the addressing is static, no DHCP, I created each autorization profile with each framed iP, so this profile is the iP the user receives</P> Fri, 06 May 2022 02:14:02 GMT https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4605494#M574603 iVicMMac 2022-05-06T02:14:02Z https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4605680#M574607 <P>Interesting.&nbsp; What is the use-case here?&nbsp; So you have 600 AuthZ profiles? One for each user?&nbsp;&nbsp;</P> Fri, 06 May 2022 11:22:41 GMT https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4605680#M574607 ahollifield 2022-05-06T11:22:41Z https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4606150#M574614 <P>Yes, its a customer requirement to have more control over the users</P> Sat, 07 May 2022 11:30:48 GMT https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4606150#M574614 iVicMMac 2022-05-07T11:30:48Z https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4606282#M574618 <P class="lia-align-justify">Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/575098">@iVicMMac</a>&nbsp;,</P> <P class="lia-align-justify">&nbsp;if my understanding is correct, you would like <U>not only</U> to use the <STRONG>IP Addr</STRONG> of the <STRONG>Device</STRONG> as a <STRONG>Condition</STRONG> to the <STRONG>Authorization Policy</STRONG>, but also check the <STRONG>Posture</STRONG> status, please try the following (as an example):</P> <P class="lia-align-justify">At <STRONG>Policy &gt; Policy Set</STRONG>, you created a <STRONG>Wired-Policy</STRONG>, for ex.:</P> <P class="lia-align-justify"><STRONG>Authorization Policy</STRONG>&nbsp;</P> <P class="lia-align-justify">&nbsp;Rule Name:&nbsp;<U><EM>John-Doe-AuthZPolicy-Compliant</EM></U></P> <P class="lia-align-justify">&nbsp;Condition:&nbsp; <EM><U>Network Access.Device IP Address Equals 10.10.10.1</U></EM> AND&nbsp;<EM><U>Session.PostureStatus Equals Compliant</U></EM></P> <P class="lia-align-justify">&nbsp;Result: <EM><U>&lt;AuthZ Profiles Result for Posture Compliant&gt;</U></EM></P> <P class="lia-align-justify">&nbsp;</P> <P class="lia-align-justify">&nbsp;Rule Name:&nbsp;<U><EM>John-Doe-AuthZPolicy-Unknown</EM></U></P> <P class="lia-align-justify">&nbsp;Condition:&nbsp; <EM><U>Network Access.Device IP Address Equals 10.10.10.1</U></EM> AND&nbsp;<EM><U>Session.PostureStatus Equals Unknown</U></EM></P> <P class="lia-align-justify">&nbsp;Result: <EM><U>&lt;AuthZ Profiles Result for Posture Unknown&gt;</U></EM></P> <P class="lia-align-justify">&nbsp;</P> <P class="lia-align-justify">Hope this helps !!!</P> Sun, 08 May 2022 01:37:23 GMT https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4606282#M574618 Marcelo Morais 2022-05-08T01:37:23Z https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4606988#M574647 <P>Thank you Marcelo,</P><P>&nbsp;</P><P>I tried a solution pretty similar last week and it seems is working <span class="lia-unicode-emoji" title=":winking_face:">😉</span> The difference is I configured only 1 policy for compliant and noncompliant at the end of policy set and the unknown condition for each user, a lot of work to add manually this condition but its ok. Thank you again.</P><P>&nbsp;</P><P>Regards,</P> Mon, 09 May 2022 17:08:07 GMT https://community.cisco.com/t5/network-access-control/ise-posture-with-static-addressing/m-p/4606988#M574647 iVicMMac 2022-05-09T17:08:07Z