Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1359
Views
0
Helpful
2
Replies

Cisco ISE Authorization Profile?

Go to solution
Chris.Mes
Level 1
Level 1

‎04-29-2022 04:32 AM

I've a couple of devices which are manually added to Cisco ISE (version 2.3.0.298).
They are statically assigned to identity group "MAB-VLAN199".
All the devices are matched to authorization profile "AUTH-VLAN199".
But one device is shown in the ISE logs with "AUTH-VLAN199-VENDOR", it seems it attaches the vendor name to the auth-profile.
But there is no such profile, so the result is the profile "VLAN199-UNTRUST" which loads an DACL and this ACL blocks.
I've no idea what is going on here?
Any suggestions?
Thanks.
Unfortunately the guy who configured the ISE already resignated...

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Chris.Mes
Level 1
Level 1

‎04-29-2022 05:01 AM

Thanks, now I've found it. Under PolicySets there was an old rule for exactly this MAC-address which results to profile "VLAN199-UNTRUST".

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Flavio Miranda
VIP
VIP

‎04-29-2022 04:40 AM

Not ideal, but I think you can create a specific profile for those device not recognized properly.

 

https://community.cisco.com/t5/security-documents/how-to-create-ise-network-access-device-profiles/ta-p/3631103 

0 Helpful

Go to solution
Chris.Mes
Level 1
Level 1

‎04-29-2022 05:01 AM

Thanks, now I've found it. Under PolicySets there was an old rule for exactly this MAC-address which results to profile "VLAN199-UNTRUST".

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents