12-02-2020 12:09 PM
Hey all, I am trying to replace my current WLC Blacklist policy of deny based on MAC address with ISE.
My ISE also already does TACACS for network devices.
I currently have 802.1x authentication against the internal AD and an endpoint identity group labeled "Blacklist" with some test MACs.
My biggest issue I keep finding is that I am unable to reference that "Blacklist" endpoint identity group anywhere in the policy configuration.
Any help to a resource would be very helpful!
12-02-2020 12:57 PM
You will/can reference endpoint identity groups in your authz policies for MAB onboarding as a condition to match. Try searching for the group using this condition: IdentityGroup-Name EQUALS <blacklist>. HTH!
12-03-2020 07:48 AM
So this is just a test policy set and whatnot; I don't see anywhere to reference endpoint groups. Am I in the wrong place?
12-03-2020 08:30 AM
You are in the right place. Click the '+' under your authorization policy that is highlighted blue in your screenshot. Here is an example:
Then assign your respective Authz Profile and/or SGT if using TrustSec. HTH!