cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
660
Views
0
Helpful
2
Replies

CISCO ISE- Policy Sets

JohnRound
Level 1
Level 1

cISE.JPGWe have a main 'WIRELESS' policy with various Authorization policies in place for several of our wireless networks etc.

 

At the moment I am playing around with certificate authentication etc and have set up a TEST SSID, but need to fiddle around with the Authentication Policy a little which I obviously don't want to do in the production 'WIRELESS' policy as it may affect the other networks.

 

Therefore I set up 'WIRELESS_TEST' as a policy as you can see which is initially pretty much a copy and paste of the live policy, but only containing the TEST SSID under Authorization policies.

 

The trouble is, I cannot then connect to the TEST SSID if I try as the 'WIRELESS' policy has a 'DenyAccess' set up as the Default Authorization policy rule (if a client doesn't match any of the other rules I assume)

 

What is the best way to resolve this?  Do I need to move my 'WIRELESS_TEST' above 'WIRELESS' and set 'PermitAcess' as the Default Authorization policy rule in 'WIRELESS_TEST'?

 

Many thanks :)

1 Accepted Solution

Accepted Solutions

kvenkata1
Cisco Employee
Cisco Employee

What is your wireless access use case? Depending on that your policy options will be different. Please consult the following for assistance.

BYOD deployment guide - https://community.cisco.com/t5/security-documents/cisco-ise-byod-deployment-guide/ta-p/3641867

WLC important configuration - https://community.cisco.com/t5/security-documents/top-six-important-cisco-wlc-settings-for-ise-integration/ta-p/3643795

 

I would avoid a production system for such testing. Please download an eval ISE version & play around.

 

- Krish

View solution in original post

2 Replies 2

kvenkata1
Cisco Employee
Cisco Employee

What is your wireless access use case? Depending on that your policy options will be different. Please consult the following for assistance.

BYOD deployment guide - https://community.cisco.com/t5/security-documents/cisco-ise-byod-deployment-guide/ta-p/3641867

WLC important configuration - https://community.cisco.com/t5/security-documents/top-six-important-cisco-wlc-settings-for-ise-integration/ta-p/3643795

 

I would avoid a production system for such testing. Please download an eval ISE version & play around.

 

- Krish

This is a double post.  We already answered this query:

 

https://community.cisco.com/t5/identity-services-engine-ise/cisco-ise-policy-sets/m-p/3701920

 

Not sure why it showed up a 2nd time.