Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
691
Views
5
Helpful
2
Replies

Authorization Policy Missing or Different in V2.4 | WorkCenter>TrustSec>Policy>Authorization

Go to solution
techmgr.aballesteros1
Level 1
Level 1

‎03-20-2019 08:21 PM

Hello Everyone,

 

I am trying to follow Wireless TrustSec Deployment Guide  https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-4/b_wireless_trustsec_deployment_guide.html , but I am stuck trying to figure out how to follow the guide. I am in Item#6 ( " Policy > Authorization we have configured Authorization rules for employee and contractor to pass the tags once the clients get authenticated. ")

 

TrustSec-AuthZ-ComparisonWithDiffVersion.png

 

I have already Policy Set for our Corporate, BYOD and Guest WIFI. I am just confused where to create AUTHZ for TrustSec. 

Do I have to create it above or below the existing Policy Set I already have for Corporate, BYOD and Guest WIF? Or Am I in the wrong page/tab? See above Screenshot. 

 

 

And if So, also confused how or where to put the conditions and rules. Like there are AuthC Policy, AuthZ Local, AuthZ Global, and AuthZ. If there's like a good sample screenshot I can follow , it'll tremendously help.TrustSec_AuthC_local_global_AuthZ.JPG

 

Thanks in Advance!

-Adrian

Preview file
214 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-20-2019 08:45 PM

Hi

You can use your existing policy-sets and go into authorization policy.
On your authorization rule, you will see at the right, a SGT field where you can
attach your config.
The section authorization local exception is replacing the exception section you had on your old ise.
The global exception will allow you to do an action and copy this same rule across all your policy-sets.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

2 Replies 2

Go to solution
paul
Level 10
Level 10

‎03-20-2019 08:25 PM

You either add the SGT tags to your existing rules or add new rules in the same policy set to apply tags to.  You can apply SGT tags anytime you want even before you have TrustSec deployed.  If nothing is there to use the tags then they are ignored.

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-20-2019 08:45 PM

Hi

You can use your existing policy-sets and go into authorization policy.
On your authorization rule, you will see at the right, a SGT field where you can
attach your config.
The section authorization local exception is replacing the exception section you had on your old ise.
The global exception will allow you to do an action and copy this same rule across all your policy-sets.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents