Hi everyone,
I am working on a POC for ISE using version 2.3. I'm new to ISE so I apologize if this is an obvious question. I couldn't find anything in the forum or docs either. Ok to the question.
I am following Katherine McNamara's blog post ISE - Dot1x Policy Configuration
In the post she uses a network access condition that matches certificate attributes that then results in specific identity sequences. I like this approach as it would allow us to collapse our corporate and byod SSIDs into one and assign different roles and VLANs starting with which certificate the client has. This is one of our goals with moving to a full NAC solution such as ISE.
My issue is when I go to add this condition in my authentication policy the condition is missing. Are there limitations on which conditions can be used where? Was there a change in how conditions work in 2.3? I've skimmed through documentation and the forums and I can't find any mention of this.
Screenshot of the condition:
Thanks!
Accepted Solutions
You can use it in authorization policy rules only. [Correction] We can't use it in any policy set conditions but we can use it in authentication policy conditions inside a policy set.
Certificate attributes are not yet available at that point in determining which protocols to use. It's removed to resolve CSCvc98033.
You can use it in authorization policy rules only. [Correction] We can't use it in any policy set conditions but we can use it in authentication policy conditions inside a policy set.
Certificate attributes are not yet available at that point in determining which protocols to use. It's removed to resolve CSCvc98033.
