topic Re: ISE Policy Question in Network Access Control

ISE Policy Question

SecurityJumbo — Wed, 16 Nov 2022 20:29:28 GMT

I'm using ISE as a NAC (Network Access Control) and wondering if I can run multiple policies to the same device. I mean how I can allow multiple policies in the "Policy Set" window match and apply on the same device. Is that possible on ISE ??

Re: ISE Policy Question

balaji.bandi — Wed, 16 Nov 2022 20:54:51 GMT

what kind of policies you like to bind give some examples.

or watch the below video to get an idea :

https://www.youtube.com/watch?v=gEnWHS8nBZ4

Re: ISE Policy Question

SecurityJumbo — Thu, 17 Nov 2022 09:28:01 GMT

Hello @balaji

I'm checking if I can apply multiple policy set to the same device with different condition. I want to check and force the radius 8021x authentication and authorization first and then in the second policy I want to use the ANC Policy name as a condition based on the integration with third-party platform.

Example:

policy 1 --> Radius 8021x/MAB

policy 2 --> Change Vlan based on the ANC Policy name from other tool

Re: ISE Policy Question

Marvin Rhoads — Fri, 18 Nov 2022 12:51:36 GMT

An ANC-based event would typically come in asynchronously - i.e., distinct from the device's initial connection. If you want to check the external status at the time of connection, you can make the authorization condition a compound rule with logical AND/OR relationship between the different rule elements.