Hi All,
I'm running an ISE 1.1.1 and i need to authenticate guest users.
The goal is apply different Authorization profile to the same guest user based on the thevice he use to connect to the guest wlan.
I.E.:
if guest user "user1" connect to the guest WLAN using a windows laptop, than apply "Guest" authorization profile
if guest user "user1" connect to the guest WLAN using an Apple iPad, than apply "Mobile" authorization profile
I've tried to deployed the following 2 authorization policy:
1)if "Apple-Device" and "IdentityGroup:Name EQUALS Guest" then "Mobile"
2)if "Guest" then "Guest"
but the first rule never match and even if I use and iPad to access the guest network the "Guest" authorization Profile is matched
I've verified that the iPad is correctly recognized as an Apple-Device changing for test purposes the rule table in
1)if "Apple-Device" then "Mobile"
2)if "Guest" then "Guest"
and the "Mobile" profile is correctly applied.
Any suggestion on how define a condition to match a Device and an Identity Group?
Thank You
Regards
Gabriele
Hi,
thank You for the answer.
Checking the Endpoint Identity I can confirm that it is correctly profiled
I've disabled the "apple device" condition in the authorization policy but the rule still don't match.
Rule
Authorization result
Authorization result detail
I've deleted the device from the profiled endpoint and I've repeated the test but the result is the same
Do You have any other suggestion?
Thanks for your help
Regards
Gabriele
If You want to matching internal user group under other conditions, use InternalUser:IdentityGroup instead.
For example,
InternalUser:IdentityGroup EQUALS User Identity Groups:Guest
Regards
Gabriele
