04-29-2022 04:32 AM
I've a couple of devices which are manually added to Cisco ISE (version 2.3.0.298).
They are statically assigned to identity group "MAB-VLAN199".
All the devices are matched to authorization profile "AUTH-VLAN199".
But one device is shown in the ISE logs with "AUTH-VLAN199-VENDOR"; it seems it attaches the vendor name to the auth-profile.
But there is no such profile, so the result is the profile "VLAN199-UNTRUST", which loads a DACL, and this ACL blocks.
I've no idea what is going on here.
Any suggestions?
Thanks.
Unfortunately, the guy who configured the ISE already resigned...
04-29-2022 04:40 AM
Not ideal, but I think you can create a specific profile for those devices that are not recognized properly.
04-29-2022 05:01 AM
Thanks, now I've found it. Under PolicySets there was an old rule for exactly this MAC-address which results in profile "VLAN199-UNTRUST".