cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

747
Views
0
Helpful
1
Replies
steelinquisitor
Beginner

ISE Authorization Policy

Hey guys,

I have a question regarding ISE Authorization Policy. In my test lab, I don't have any wired station, and what I have is a wireless lapotp. I have configured to allow only EAP-TLS authentication. Now, my problem is I keep getting "15039 Rejected per authorization profile."

Under the Policy > Authorization, I created a rule where I just want to allow on EAP-TLS either via machine or user identity, and the bottom is the default DenyAccess. When I tried to join the wireless network, I kept getting denied. I checked the ACL counters on the WLC side and it was not increasing.

I changed the default DenyAccess to PermitAccess, and I was able to join the wireless network no problem, and the ACL counters on the WLC side increased.

It seems like I am hitting the default Authorization Policy first which is on the bottom of the authorization policy.

I attached the failed and authenticated logs that I got from ISE.

Has anyone have encoutered this issue?

The version that I have is 1.1.1

Thanks

P.S.

I went back to check my autorization condition, and it is blank (See the 1st screenshot)

1 REPLY 1
Amjad Abdullah
Engager

Hi,

it is obvious that you are not matching any condition.

rather than keeping the condition blank, fill it with a condition that is always match and try if that helps.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
Content for Community-Ad