12-18-2013 10:45 AM - edited 03-10-2019 09:12 PM
Hey guys,
I have a question regarding ISE Authorization Policy. In my test lab, I don't have any wired station, and what I have is a wireless lapotp. I have configured to allow only EAP-TLS authentication. Now, my problem is I keep getting "15039 Rejected per authorization profile."
Under the Policy > Authorization, I created a rule where I just want to allow on EAP-TLS either via machine or user identity, and the bottom is the default DenyAccess. When I tried to join the wireless network, I kept getting denied. I checked the ACL counters on the WLC side and it was not increasing.
I changed the default DenyAccess to PermitAccess, and I was able to join the wireless network no problem, and the ACL counters on the WLC side increased.
It seems like I am hitting the default Authorization Policy first which is on the bottom of the authorization policy.
I attached the failed and authenticated logs that I got from ISE.
Has anyone have encoutered this issue?
The version that I have is 1.1.1
Thanks
P.S.
I went back to check my autorization condition, and it is blank (See the 1st screenshot)
12-18-2013 10:54 PM
Hi,
it is obvious that you are not matching any condition.
rather than keeping the condition blank, fill it with a condition that is always match and try if that helps.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide