Best Practice to Create Condition in Policy Set for Different Devices

farih-kurniawan
Level 1

Greetings everyone, I'm new to Cisco ISE. We want to create separate rules in a policy set for each device type, Laptops and Gadgets. Each of the rules has a different VLAN with different profiles. We use Called-Station-ID conditions to differentiate those devices. At first it worked; users hit the rules. We integrate this Cisco ISE with UniFi Ubiquiti, by the way.

But suddenly, several devices got stuck. We checked the ISE auth and it's a success, but the device doesn't get an IP address and can't connect to the network. Then we tested without the Called-Station-ID attribute for the devices that got stuck, and they connected to the network. So we unchecked the rules that we made earlier, and now we just use rules for one device type, "laptops".

Are there suitable conditions to separate the SSIDs for Laptops and Gadgets? Thank you.

2 Replies

@farih-kurniawan as long as the conditions are unique to differentiate the connection requests then the devices should match the different rules.

When the device got stuck, did the devices match the correct rule? What is the difference in the authorisation profiles you are applying to the sessions?

@farih-kurniawan,

Since everything was working and suddenly stopped working ...

At Administration > System > Settings > Protocols > RADIUS, can you please uncheck the

  • Suppress Repeated Failed Clients
  • Suppress repeated successful Authentications

 


 

Next, try again, checking Live Logs for any weird errors.

Hope this helps!