12-02-2020 12:09 PM
Hey all, I am trying to replace my current WLC Blacklist policy of deny based on MAC address with ISE.
My ISE also already does TACACS for network devices.
I currently have 802.1x authentication against the internal AD and an endpoint identity group labeled "Blacklist" with some test MACs.
My biggest issue I keep finding is that I am unable to reference that "Blacklist" endpoint identity group anywhere in the policy configuration.
Any help to a resource would be very helpful!
12-02-2020 12:57 PM
You will/can reference endpoint identity groups in your authz policies for MAB onboarding as a condition to match. Try searching for the group using this condition: IdentityGroup-Name EQUALS <blacklist>. HTH!
12-03-2020 07:48 AM
So this is just a test policy set and whatnot; I don't see anywhere to reference endpoint groups. Am I in the wrong place?
12-03-2020 08:30 AM
You are in the right place. Click the '+' under your authorization policy that is highlighted blue in your screenshot. Here is an example:
Then assign your respective Authz Profile and/or SGT if using TrustSec. HTH!