cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

240
Views
0
Helpful
3
Replies
Highlighted
Beginner

ISE 1.3 Policy Set

We want to create a policy set that hits on a endpoint identity group. An endpoint identity group contains a bunge mac-address which we can't filter out with radius user-name match which work fine for a vendor hit.

Does anybody got an idea of this is possible?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

You cannot create a "Policy

You cannot create a "Policy Set" matching condition based on an endpoint identity group. You have to choose one of the available attributes. For instance, you can match against a NAD group or WLAN ID. Once inside the "Policy Set" you can create different authentication and authorization rules that can reference an endpoint group. 

I hope this helps!

 

Thank you for rating helpful posts!

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

You cannot create a "Policy

You cannot create a "Policy Set" matching condition based on an endpoint identity group. You have to choose one of the available attributes. For instance, you can match against a NAD group or WLAN ID. Once inside the "Policy Set" you can create different authentication and authorization rules that can reference an endpoint group. 

I hope this helps!

 

Thank you for rating helpful posts!

View solution in original post

Highlighted
Beginner

Thanks for clearing that up.

Thanks for clearing that up. Would be nice if you want to use MAB policy matching conditions would be expanded
 

Highlighted
Cisco Employee

No problem! You can always

No problem! You can always submit an enhancement request with your local Cisco team :)