Solved: Thank you, Jatin - this work

Rene Rolsted · ‎01-14-2016

Is it possible to make a AuthZ policy that points to a local ISE group with the mac addresses?

This works fine, but only 1 MAC address

(Radius:Called-Station-ID CONTAINS test-ssid AND Radius:Calling-Station-ID EQUALS 4C:7C:5F:C2:7B:7C )

I try this, but this will not work:

(Radius:Called-Station-ID CONTAINS test-ssid AND Radius:Calling-Station-ID CONTAINS IdentityGroup:Name:test-mac-group)

Jatin Katyal · ‎01-22-2016

Please use Radius:Called-station-id CONTAINS instead of EQUALS ise-test

~ Jatin

~Jatin

Jatin Katyal · ‎01-22-2016

In AuthZ policy, please select you endpoint group by clicking on any and then select the radius called station id. Please refer the image.

~ Jatin

~Jatin

Rene Rolsted · ‎01-22-2016

Thank you, Jatin - but it's not work.

I think missing some settings on the WLC

Jatin Katyal · ‎01-22-2016

Please use Radius:Called-station-id CONTAINS instead of EQUALS ise-test

~ Jatin

~Jatin

Jatin Katyal · ‎01-23-2016

If in case you still some issue then get the screen shot of ISE live authentication - detailed steps of the endpoint session.

~ Jatin

~Jatin

Rene Rolsted · ‎01-25-2016

Thank you, Jatin - this work

Radius:Called-station-id CONTAINS instead of EQUALS ise-test

Best Regard
/René

Jatin Katyal · ‎01-25-2016

Great :)

~Jatin

AuthZ policy Calling-Station-ID local group Cisco ISE