Endpoint Blacklist Policy

itnetworking
Level 1

Hey all, I am trying to replace my current WLC blacklist policy of deny based on MAC address with ISE.

My ISE also already does TACACS for network devices.

I currently have 802.1x authentication against the internal AD and an endpoint identity group labeled "Blacklist" with some test MACs.

My biggest issue I keep finding is that I am unable to reference that "Blacklist" endpoint identity group anywhere in the policy configuration.

Any help to a resource would be very helpful!


Mike.Cifelli
VIP Alumni

You will/can reference endpoint identity groups in your authz policies for MAB onboarding as a condition to match. Try searching for the group using this condition: IdentityGroup-Name EQUALS <blacklist>. HTH!

[Screenshot: Screen Shot 2020-12-03 at 08.45.38.png]



So this is just a test policy set and whatnot; I don't see anywhere to reference endpoint groups. Am I in the wrong place?

You are in the right place. Click the '+' under your authorization policy that is highlighted blue in your screenshot. Here is an example:

[Screenshot: ep_grp_condition.PNG]

Then assign your respective Authz Profile and/or SGT if using TrustSec. HTH!
