03-15-2012 12:11 PM - edited 03-12-2019 05:40 PM
Hello
In ISE I have to define a complex condition as a requirement for an authorization policy. Like this:
(member of group X) AND ((wlan id 1) or (wlan id 2))
Can this be done? I can see that I can enter multiple conditions but there is only one AND/OR dropdown for the entire window which will give me either "x AND y AND z" or "x OR y OR z".
what am I missing?
Best regards
Jimmy Larsson
Sent from Cisco Technical Support iPad App
03-15-2012 03:54 PM
This is possible. it is done in the Policy --> Policy Elements --> Conditions. Create your boolean condition then go back to your policy and use it.
Scott
03-16-2012 01:04 AM
Hello
Sorry if I was unclear. I am fully aware of where to create a condition. However, I cannot see how to create a complex condition like the one I describes.
Can you clearify: If i go into Policy Elements - Condition and creates a new condition, what are the exact steps to create a condition like:
A = 1
and
(B = 2 OR C=3)
Thanks in advance
Regards
Jimmy
03-16-2012 02:18 AM
I ran into the same issue. I fixed this, but I hope someone has a better idea, as follows:
In Policy Elements > Conditions:
- create a Authorization compound condition A with Expression 1 OR Expression 2
- create a Authorization compound condition B with Expression 3 OR Expression 4
(I have not found a way to use a compound condition in another compound condition)
Create the Authorization Policy with Condition A AND Condition B.
Of course you can also do this the other way around.
.
Hope this helps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: