Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


Cisco ISE auth policy based on Active Directory domain membership

I am currently testing the Cisco ISE product and I am trying to find a way to assign an authorization policy based on domain membership.  Our company sorts standard users and project team member into different domains so it seemed like the ideal thing to sort with.  Unfortunately, I am no AD expert and there are a mind boggling number of conditions/expressions to choose from.  I figured I would be the first person to try this.  What have other done to solve this problem?

I have tried using the memberOf attribute and matching to .*(domain).*  Basically looking to see if memberOf contains the domain name.  It works for machine authentication, but when I log it the system cannot find my account info for some reason and boots me to the guest vlan.

Thank you.

Cisco Employee

Are the two sets of users actually residing on two separate and independent domains? If so then that is probably where your problem is as ISE can only integrate with a single domain. If you have multiple domains then there must be a trust relationship between them. Another solution is to use LDAP integrations as there is not a limit with LDAP integrations.

Thank you for rating!

Yes, they are in different domains.  I have already added one of the domains as an LDAP store.

Same Forest?

I hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.

Please rate post you consider useful.

I hope you find this information useful, if it was satisfactory for you, please mark the question as Answered. Please rate post you consider useful. -James
Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube