Solved: Global vs Local Exceptions in an Authorization Policy

Chess Norris · ‎11-13-2018

I am a bit confused about the Global vs Local exceptions. I am currently using a policy set matching on wired and wireless MAB

and I want to create an authorization exception for quarantine. I also have a policy set matching on wired and wireless 802.1x. If I use a global exception, does that mean I only need to create it for the first policy or does it need to be included in both policy sets? If so, what would be the difference from a local exception?

Thanks

/Jorgen

Surendra · ‎11-13-2018

Here is the detailed info about exception policies : https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0100101.html#ID37

You do not need to configure global exceptions everywhere. Priority is given to local exceptions before evaluating global exceptions if configured.

View solution in original post

Surendra · ‎11-13-2018

Here is the detailed info about exception policies : https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0100101.html#ID37

You do not need to configure global exceptions everywhere. Priority is given to local exceptions before evaluating global exceptions if configured.

Chess Norris · ‎11-13-2018

Thank you for the confirmation.

BR

/Jorgen