HQ and Remote Wired Guest VLAN

ttran
Level 1

Hello all,

I am having trouble creating a standard condition for Policy Authorization. Basically there are HQ and remote locations configured for guest access.

Each location has its own guest VLAN. On ISE the standard rules are:

Standard Rule 1 if Unknown AND Wired_MAB then Guest_Access

This rule is working well for HQ.

Standard Rule 2 if (Unknown OR MTL_Devices) AND Wired_MAB_MTL_Guest then Montreal_Guest

This rule is designed for remote, but Standard Rule 1 is taking over because first match is applied, and the OR condition may cause some problems with internal users since the condition is Unknown OR MTL_Devices. There is no AND condition for this.

Let me know if anyone has an idea or has solved this problem.

Thank you.

2 Replies

Tarik Admani
VIP Alumni

Hi,

You need to change the order of your rules. ISE uses the first matched rule from top to bottom; in your case the MTRL is matching the first rule since it is more open than the rule below, which has the check for the network device.

Please change the order and see if this fixes your issue. If this doesn't work, post a screenshot of your policies just to make sure we are on the same page.

Thanks,

Tarik Admani
*Please rate helpful posts*
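
The first-match behaviour described in the answer above, as an added example that is not part of the original thread and is not ISE code: a small Python model of the two rules, evaluated in both orders. The session attribute names, the sample sessions, the default result, and the reading of Wired_MAB_MTL_Guest as "Wired_MAB plus a Montreal network-device check" are assumptions.

```python
# Added example: first-match evaluation of the two rules from the question.
# Attribute names and the meaning of the compound conditions are assumptions.

def wired_mab(s):
    return s["medium"] == "wired" and s["method"] == "MAB"

def wired_mab_mtl_guest(s):
    # Assumed: Wired_MAB plus a check that the switch is a Montreal device.
    return wired_mab(s) and s["nad_location"] == "Montreal"

def rule_2_condition(s):
    return s["group"] in ("Unknown", "MTL_Devices") and wired_mab_mtl_guest(s)

RULE_1 = ("Standard Rule 1",
          lambda s: s["group"] == "Unknown" and wired_mab(s),
          "Guest_Access")
RULE_2 = ("Standard Rule 2", rule_2_condition, "Montreal_Guest")
DEFAULT = "DenyAccess"  # assumed result when no rule matches

def authorize(rules, session):
    """Return (rule name, result) of the first rule whose condition is true."""
    for name, cond, result in rules:
        if cond(session):
            return name, result
    return "Default", DEFAULT

def order_sensitive(rules, sessions):
    """List (session id, matching rule, winning rule) for every session where
    another rule's condition is also true, i.e. where rule order decides."""
    hits = []
    for s in sessions:
        winner, _ = authorize(rules, s)
        hits += [(s["id"], name, winner)
                 for name, cond, _ in rules if name != winner and cond(s)]
    return hits

# Constructed sample sessions (not taken from the thread).
BASE = {"medium": "wired", "method": "MAB"}
SESSIONS = [
    dict(BASE, id="hq-guest", group="Unknown", nad_location="HQ"),
    dict(BASE, id="mtl-guest", group="Unknown", nad_location="Montreal"),
    dict(BASE, id="mtl-device", group="MTL_Devices", nad_location="Montreal"),
]

if __name__ == "__main__":
    for label, order in (("as posted", [RULE_1, RULE_2]),
                         ("reordered", [RULE_2, RULE_1])):
        print(label)
        for s in SESSIONS:
            print("  ", s["id"], "->", authorize(order, s))
        print("   order-sensitive:", order_sensitive(order, SESSIONS))
```

In this model the unknown Montreal endpoint satisfies both conditions, so whichever rule is listed first decides its result; the HQ endpoint only ever satisfies Standard Rule 1.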

Hi Tarik,

Thanks for replying. I tried a different way and still no good. Here is the screenshot.