Cisco ISE 2.1 - Enable only one profile on a Cisco switch

mccabep
Level 1

Hello,

 

We are currently using Cisco ISE 2.1 (soon to be upgraded). A question has come up that I'm hoping someone can answer. One of our Cisco switches (2960c) is not behind a locked door. This is a security threat, so I was told to enable ISE on the switch, which I have. However, now I'm being asked if the switch can be locked down further, meaning only allow one profile to access the switch. So if we have our corporate desktops profiled, we would want only those desktops to use the switch. I hope that makes sense.


Arne Bier
VIP

You can implement that by adding an AND condition to your Authorisation Rule that says If ... blah AND DEVICE_LOCATION = "SPECIAL_CAT_2960C" then Permit...blah. In other words, use the NDG DEVICE LOCATION attribute in your Policy Set logic.
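
How the AND condition from the reply behaves when rules are evaluated top-down with the first match winning, as an added sketch that is not part of the original thread and not ISE's own code. The rule names, the "Corporate-Desktop" and "Printer" profiles and the other location value are constructed; it also shows that a permit rule scoped to the switch's location does not by itself keep out a profile that a later, broader rule permits.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed value standing in for the Location NDG assigned to the 2960C.
LOCKED_LOCATION = "SPECIAL_CAT_2960C"

@dataclass
class Session:
    endpoint_profile: str  # profile assigned to the endpoint (constructed names)
    device_location: str   # Location NDG of the switch that sent the request

@dataclass
class Rule:
    name: str
    condition: Callable[[Session], bool]
    result: str            # "PermitAccess" or "DenyAccess"

def build_policy(with_location_deny):
    """Ordered rule list; rule names and profiles are hypothetical."""
    rules = [Rule("Corp desktops on exposed switch",
                  lambda s: s.endpoint_profile == "Corporate-Desktop"
                  and s.device_location == LOCKED_LOCATION,
                  "PermitAccess")]
    if with_location_deny:
        # Scoped deny: stops other profiles on this switch from reaching
        # the broader permit rules further down.
        rules.append(Rule("Anything else on exposed switch",
                          lambda s: s.device_location == LOCKED_LOCATION,
                          "DenyAccess"))
    rules.append(Rule("Printers on any switch",
                      lambda s: s.endpoint_profile == "Printer",
                      "PermitAccess"))
    rules.append(Rule("Default", lambda s: True, "DenyAccess"))
    return rules

def authorize(policy, session):
    """Return (rule name, result) of the first rule whose condition matches."""
    for rule in policy:
        if rule.condition(session):
            return rule.name, rule.result
    return "no match", "DenyAccess"

if __name__ == "__main__":
    printer = Session("Printer", LOCKED_LOCATION)
    for flag in (False, True):
        print(flag, authorize(build_policy(flag), printer))
```
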