itnetworking
Beginner

Endpoint Blacklist Policy

Hey all, I am trying to replace my current WLC Blacklist policy of deny based on MAC address with ISE.

My ISE also already does TACACS for network devices.

I currently have 802.1x authentication against the internal AD and an endpoint identity group labeled "Blacklist" with some test MACs.

My biggest issue I keep finding is that I am unable to reference that "Blacklist" endpoint identity group anywhere in the policy configuration.

Any help to a resource would be very helpful!

Accepted Solution

You are in the right place. Click the '+' under your authorization policy that is highlighted blue in your screenshot. Here is an example:

[Screenshot: ep_grp_condition.PNG]

Then assign your respective Authz Profile and/or SGT if using TrustSec. HTH!

3 REPLIES
Mike.Cifelli
VIP Advocate

You will/can reference endpoint identity groups in your authz policies for MAB onboarding as a condition to match. Try searching for the group using this condition: IdentityGroup-Name EQUALS <blacklist>. HTH!

[Screenshot: Screen Shot 2020-12-03 at 08.45.38.png]

So this is just a test policy set and whatnot; I don't see anywhere to reference endpoint groups. Am I in the wrong place?
