09-06-2018 03:45 AM
We have a main 'WIRELESS' policy with various Authorization policies in place for several of our wireless networks etc.
At the moment I am playing around with certificate authentication etc and have set up a TEST SSID, but need to fiddle around with the Authentication Policy a little which I obviously don't want to do in the production 'WIRELESS' policy as it may affect the other networks.
Therefore I set up 'WIRELESS_TEST' as a policy as you can see which is initially pretty much a copy and paste of the live policy, but only containing the TEST SSID under Authorization policies.
The trouble is, I cannot then connect to the TEST SSID if I try as the 'WIRELESS' policy has a 'DenyAccess' set up as the Default Authorization policy rule (if a client doesn't match any of the other rules I assume)
What is the best way to resolve this? Do I need to move my 'WIRELESS_TEST' above 'WIRELESS' and set 'PermitAcess' as the Default Authorization policy rule in 'WIRELESS_TEST'?
Many thanks :)
Solved! Go to Solution.
09-06-2018 03:10 PM
What is your wireless access use case? Depending on that your policy options will be different. Please consult the following for assistance.
BYOD deployment guide - https://community.cisco.com/t5/security-documents/cisco-ise-byod-deployment-guide/ta-p/3641867
WLC important configuration - https://community.cisco.com/t5/security-documents/top-six-important-cisco-wlc-settings-for-ise-integration/ta-p/3643795
I would avoid a production system for such testing. Please download an eval ISE version & play around.
- Krish
09-06-2018 03:10 PM
What is your wireless access use case? Depending on that your policy options will be different. Please consult the following for assistance.
BYOD deployment guide - https://community.cisco.com/t5/security-documents/cisco-ise-byod-deployment-guide/ta-p/3641867
WLC important configuration - https://community.cisco.com/t5/security-documents/top-six-important-cisco-wlc-settings-for-ise-integration/ta-p/3643795
I would avoid a production system for such testing. Please download an eval ISE version & play around.
- Krish
09-06-2018 04:54 PM
This is a double post. We already answered this query:
https://community.cisco.com/t5/identity-services-engine-ise/cisco-ise-policy-sets/m-p/3701920
Not sure why it showed up a 2nd time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide