Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
5
Helpful
4
Replies

Cisco ISE2.0 - Policy Sets

agapitca19
Level 1
Level 1

‎02-29-2016 01:24 PM - edited ‎03-10-2019 11:32 PM

Hi,

How do you disable the "Default" Policy Set under Work Centers-Device Administration-Device Admin Policy Sets? I have put in a new Policy Set above the "Default" and the switch that I am using for testing works with AAA but when I checked the TACACS Livelog, the Authentication and Authorization Policy show that they used the "Default" Policy Set instead of the new one.

Thanks. 

Labels:
0 Helpful
4 Replies 4

jan.nielsen
Level 7
Level 7

‎02-29-2016 04:47 PM

Normally policy sets are evaluated by the conditions you set in them, and not the order that they configured in. Did you set a condition in your new policy set that you would expect to match it ?

agapitca19
Level 1
Level 1
In response to jan.nielsen

‎03-04-2016 06:30 AM

I revised my device admin policy sets to be more granular and it is working now. 

0 Helpful

jan.nielsen
Level 7
Level 7
In response to agapitca19

‎03-04-2016 08:40 AM

Great! - Please rate my answer if you felt it helped you to solve your problem
0 Helpful

nspasov
Cisco Employee
Cisco Employee

‎03-05-2016 05:43 PM

To add to what Jan said (+5 from me). You should also make sure that both the Authentication and the Authorization Policies in the default set are set to "deny access." Otherwise, you could potentially grant access to your network/device unwillingly. 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful
Customers Also Viewed These Support Documents