cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1226
Views
0
Helpful
3
Replies

Compound boolean condition in ISE?

jilahbg
Level 1
Level 1

Hello

In ISE I have to define a complex condition as a requirement for an authorization policy. Like this:

(member of group X) AND ((wlan id 1) or (wlan id 2))

Can this be done? I can see that I can enter multiple conditions but there is only one AND/OR dropdown for the entire window which will give me either "x AND y AND z" or "x OR y OR z".

what am I missing?

Best regards

Jimmy Larsson

Sent from Cisco Technical Support iPad App

3 Replies 3

SCOTT VOLL
Level 1
Level 1

This is possible.  it is done in the Policy --> Policy Elements --> Conditions.  Create your boolean condition then go back to your policy and use it.

Scott

Hello

Sorry if I was unclear. I am fully aware of where to create a condition. However, I cannot see how to create a complex condition like the one I describes.

Can you clearify: If i go into Policy Elements - Condition and creates a new condition, what are the exact steps to create a condition like:

A = 1

and

(B = 2 OR C=3)

Thanks in advance

Regards

Jimmy

I ran into the same issue. I fixed this, but I hope someone has a better idea, as follows:

In Policy Elements > Conditions:

- create a Authorization compound condition A with Expression 1 OR Expression 2

- create a Authorization compound condition B with Expression 3 OR Expression 4

(I have not found a way to use a compound condition in another compound condition)

Create the Authorization Policy with Condition A AND Condition B.

Of course you can also do this the other way around.

.

Hope this helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: