cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
438
Views
0
Helpful
3
Replies

How to do policy that deny access by the machine os

Hi All !

I need to add a authorization rule by the machine os. With this rule i want allow or deny access, for example if the machine is a windows machine or mac os machine, the user can access to the Lan.

I have a authrorization rule create in my ISE server, but not work. I attach a screen capture.

My ISE Server Version: 2.3.


Thanks so much

1 Accepted Solution

Accepted Solutions

gschmitt.ngit
Level 1
Level 1

Hello Cesar,

Start by checking in Context Visibility > Endpoints > Authentication for the MAC address of the Windows workstation. Compare the attributes collected by profiler to the Policy > Profiling conditions for the Windows-Workstation-OS profile. If the conditions required to trigger the Windows-Workstation-OS profile are there, then further checking as to why the Policy Sets policy condition is not being triggered is required. If the conditions required to trigger the Windows-Workstation-OS profile are not there, then further checking into the Profiling configuration is required.

Cheers,

Greg

View solution in original post

3 Replies 3

gschmitt.ngit
Level 1
Level 1

Hello Cesar,

Start by checking in Context Visibility > Endpoints > Authentication for the MAC address of the Windows workstation. Compare the attributes collected by profiler to the Policy > Profiling conditions for the Windows-Workstation-OS profile. If the conditions required to trigger the Windows-Workstation-OS profile are there, then further checking as to why the Policy Sets policy condition is not being triggered is required. If the conditions required to trigger the Windows-Workstation-OS profile are not there, then further checking into the Profiling configuration is required.

Cheers,

Greg

I test it

Thanks

gbekmezi-DD
Level 5
Level 5

What kind of profiling are you doing? Are these all wireless or wired? Are you sending DHCP information to ISE via device sensor or WLC radius profiler?