Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
2
Replies

ISE 2.3 BYOD moving non-compliant users to a different SSID

Madura Malwatte
Level 4
Level 4

‎03-02-2019 03:15 PM

ISE 2.3 patch 5

 

I am doing byod with dual SSID, once the user onboards they switch over from the byod ssid to the secure corporate SSID. Then they go through posture check, if a user is deemed non-compliant is there a way we can force them out of the secure corporate SSID and on to maybe the guest SSID? We don't want to leave a posture non-compliant user in the corporate SSID. What options are available besides restricting access using an ACL?

0 Helpful
2 Replies 2

Mike.Cifelli
VIP Alumni
VIP Alumni

‎03-02-2019 04:15 PM

You can accomplish this by using separate authorization policies and using the predefined PostureStatus ISE conditions:
For example:
Session PostureStatus equals Compliant THEN have authz result move host into secure area.
Session PostureStatus equals NonCompliant THEN have authz result move host into non-secure area

HTH!
0 Helpful

Madura Malwatte
Level 4
Level 4
In response to Mike.Cifelli

‎03-03-2019 05:25 AM

Hi Mike,

Yes I am aware of the posture status conditions and currently using them. I am not sure how to "have authz result move host into non-secure area", how can this be done for wireless?

0 Helpful
Customers Also Viewed These Support Documents