cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4573
Views
12
Helpful
2
Replies

Global vs Local Exceptions in an Authorization Policy

Chess Norris
Level 4
Level 4

I am a bit confused about the Global vs Local exceptions. I am currently using a policy set matching on wired and wireless MAB

and I want to create an authorization exception for quarantine. I also have a policy set matching on wired and wireless 802.1x. If I use a global exception, does that mean I only need to create it for the first policy or does it need to be included in both policy sets? If so, what would be the difference from a local exception?

 

Thanks

/Jorgen

1 Accepted Solution

Accepted Solutions

Surendra
Cisco Employee
Cisco Employee
Here is the detailed info about exception policies : https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0100101.html#ID37

You do not need to configure global exceptions everywhere. Priority is given to local exceptions before evaluating global exceptions if configured.

View solution in original post

2 Replies 2

Surendra
Cisco Employee
Cisco Employee
Here is the detailed info about exception policies : https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0100101.html#ID37

You do not need to configure global exceptions everywhere. Priority is given to local exceptions before evaluating global exceptions if configured.

Thank you for the confirmation.

 

BR

/Jorgen 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: