https://community.cisco.com/t5/network-access-control/logical-profiles-in-ise-1-2-1/m-p/2503310#M89338 <P>Nice username! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>So yes, you are correct, the logical profiles would allow you to group different type of dynamically profiled devices and then reference that profile in your&nbsp;<STRONG>authorization&nbsp;</STRONG>rules. However, you won't see those logical profiles under the "Identity Group Details" section. You will need to leave that field blank. Instead, you need to look in the "second" condition box:&nbsp;<STRONG>expression &gt; Endpoint &gt; LogicalProfile</STRONG></P><P>Hope this helps!</P><P>&nbsp;</P><P><EM>Thank you for rating helpful posts!</EM></P> Tue, 29 Jul 2014 08:32:41 GMT nspasov 2014-07-29T08:32:41Z https://community.cisco.com/t5/network-access-control/logical-profiles-in-ise-1-2-1/m-p/2503309#M89337 <P>I´m having trouble understanding the Logical Profiles.&nbsp;</P><P>What I understand from the user guide:&nbsp;<A href="http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#58510" target="_blank">http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#58510</A></P><P>for those to lazy to read:&nbsp;</P><P>You can use the logical profile in an authorization policy condition to help create an overall network access policy for a category of profiles. You can create a simple condition for authorization, which can be included in the authorization rule. The attribute-value pair that you can use in the authorization condition is the logical profile (attribute) and the name of the logical profile (value), which can be found in the EndPoints systems dictionary.</P><P>&nbsp;</P><P>so I thought that meant that I can group Different Profiles (Apple Iphone, Ipad, Ipod) together into a logical group e.g. "BYOD_Idevice" and use this logical profile in the Authorization.&nbsp;</P><P>But I can´t choose this freshly created Logical Group in the Authorization Condition. As for the fact, I can´t choose this logical group ANYWHERE.&nbsp;</P><P>Leaning back and thinking about it - it somehow makes sense. In the Authorization, you don´t pick Profiles, you choose Identity endpoints. So whats the point about the logical profiles? I was hoping to clean/lean up my authorization rules with them. But for what would I use them else?&nbsp;</P><P>&nbsp;</P><P>Or is this a bug in ise 1.2.1? Not sure if I should call tac about this, or if I´m just not getting it <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></P><P>&nbsp;</P><P>Thanks alot for your help! &nbsp;</P> Mon, 11 Mar 2019 04:53:43 GMT https://community.cisco.com/t5/network-access-control/logical-profiles-in-ise-1-2-1/m-p/2503309#M89337 MeMySelfundCisco 2019-03-11T04:53:43Z https://community.cisco.com/t5/network-access-control/logical-profiles-in-ise-1-2-1/m-p/2503310#M89338 <P>Nice username! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>So yes, you are correct, the logical profiles would allow you to group different type of dynamically profiled devices and then reference that profile in your&nbsp;<STRONG>authorization&nbsp;</STRONG>rules. However, you won't see those logical profiles under the "Identity Group Details" section. You will need to leave that field blank. Instead, you need to look in the "second" condition box:&nbsp;<STRONG>expression &gt; Endpoint &gt; LogicalProfile</STRONG></P><P>Hope this helps!</P><P>&nbsp;</P><P><EM>Thank you for rating helpful posts!</EM></P> Tue, 29 Jul 2014 08:32:41 GMT https://community.cisco.com/t5/network-access-control/logical-profiles-in-ise-1-2-1/m-p/2503310#M89338 nspasov 2014-07-29T08:32:41Z https://community.cisco.com/t5/network-access-control/logical-profiles-in-ise-1-2-1/m-p/2503311#M89339 <P>AWESOME!&nbsp;</P><P>it works! How cool is that. O.k a bit complicated, but what the heck. it works! thanks alot for your help!&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 29 Jul 2014 09:34:29 GMT https://community.cisco.com/t5/network-access-control/logical-profiles-in-ise-1-2-1/m-p/2503311#M89339 MeMySelfundCisco 2014-07-29T09:34:29Z https://community.cisco.com/t5/network-access-control/logical-profiles-in-ise-1-2-1/m-p/2503312#M89341 <P>No problem! Glad I could help <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 29 Jul 2014 16:16:30 GMT https://community.cisco.com/t5/network-access-control/logical-profiles-in-ise-1-2-1/m-p/2503312#M89341 nspasov 2014-07-29T16:16:30Z