Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1628
Views
0
Helpful
2
Replies

ISE Authorization Policy - Network Device Management

Go to solution
Dan Man
Level 1
Level 1

‎10-07-2020 05:35 AM

First of all, thank you in advance for reading my question!

 

I've created a policy set, in which I've added a Network Management set to manage our network equipment.  I've added the devices to the Network devices.  Created the authentication and authorization policies.  It works great!  Here's my issue.  When I create the network devices, I add a location to each device, and then I've added that location to the "All Locations" group.  Is there a way(and I've already tried, but it's not working), where in the Authorization policy, I can add the "All Locations" option, so that I don't have to add each switch device IP into the authorization policy?  All I have to do is add the network device, set up its location, and add that location to the "All Locations" group, and that's it.  Just curious if that's even possible.  It would suck to have to add the switch to the Network devices, and then have to add the device IP to the authorization policy.  Thanks again!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎10-07-2020 06:28 AM

Within authz policies you have the ability to utilize DEVICE:Device Type condition which would allow you to drive policy based on the type (owner/building/etc.).  Another condition you can utilize is Network Access: NetworkDeviceName.  That condition could be possible for your scenario.  For example: if all your switch names start with ABCDEF you could use this condition: Network Access: NetworkDeviceName STARTSWITH: ABCDEF.  

HTH!

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎10-07-2020 06:28 AM

Within authz policies you have the ability to utilize DEVICE:Device Type condition which would allow you to drive policy based on the type (owner/building/etc.).  Another condition you can utilize is Network Access: NetworkDeviceName.  That condition could be possible for your scenario.  For example: if all your switch names start with ABCDEF you could use this condition: Network Access: NetworkDeviceName STARTSWITH: ABCDEF.  

HTH!

 

0 Helpful

Go to solution
Dan Man
Level 1
Level 1
In response to Mike.Cifelli

‎10-13-2020 01:11 PM

Mike, thank you!  This worked fantastically for me!  I appreciate it!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents