Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1407
Views
0
Helpful
2
Replies

CISCO ISE POLICY SETS HELP

Go to solution
prathamesh002
Level 1
Level 1

‎08-01-2022 04:42 AM - edited ‎08-01-2022 04:49 AM

Hi Friends,

I am trying to replicate attached policy sets in ise 3.1.

Not able to do it as mentioned in post, may be due to UI difference but I want to achieve those by applying authentication policy and policy sets.

can any one help me in this as I could not do nested conditions here.



Actual post: ISE - Dot1x Policy Configuration - Cisco Community.

#dot1x #AAA #ISE  @ciscoCommunity  @dot1x  @katmcnam #NAC

Preview file
88 KB
Preview file
75 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎08-01-2022 06:28 AM

The new Policy Engine (new as of ISE 2.3) does not allow for multiple Allowed Protocols per Policy Set.  The Allowed Protocols are defined PER Policy Set.  To allow MAB and 802.1x in a Policy Set, you must define such in the Allowed Protocols.  

From there, you can define the Identity Source used in your Authentication Rules (Unless using an External RADIUS Server Sequence).  Because of this, you will not see the nested Authentication Policy as shown in @katmcnam's post (she used 2.2 there, I believe).  

I gave a webinar on this topic and you can see it here Building ISE RADIUS Policy Sets .

To view more about RADIUS Server Sequences and how to set them up (and build policies for them), check out this article Configuring eduroam on Cisco Identity Services Engine (ISE) 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marcelo Morais
VIP
VIP

‎08-01-2022 04:59 AM

Hi @prathamesh002 ,

 please take a look at Work Centers > Posture > Policy Elements > Conditions > Dictionary Compound.

Hope this helps !!!

0 Helpful

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎08-01-2022 06:28 AM

The new Policy Engine (new as of ISE 2.3) does not allow for multiple Allowed Protocols per Policy Set.  The Allowed Protocols are defined PER Policy Set.  To allow MAB and 802.1x in a Policy Set, you must define such in the Allowed Protocols.  

From there, you can define the Identity Source used in your Authentication Rules (Unless using an External RADIUS Server Sequence).  Because of this, you will not see the nested Authentication Policy as shown in @katmcnam's post (she used 2.2 there, I believe).  

I gave a webinar on this topic and you can see it here Building ISE RADIUS Policy Sets .

To view more about RADIUS Server Sequences and how to set them up (and build policies for them), check out this article Configuring eduroam on Cisco Identity Services Engine (ISE) 

0 Helpful
Customers Also Viewed These Support Documents