I have been reading about this but I would like to get confirmation as it gets quite confusing lol
Anyway, my client has an ISE distributed env based on Dedicated PAN, Mnt and PSNs
They will be using many RSA servers as external identity sources.
Because of the distribution of the PSNs group of network devices (NAD group) will be using specific PSNs and other group of NADs other PSNs.
For specific groups of devices (NAD grouped per location for example) can they use a specific RSA server? As
This seems possible using rule based authentication policies in ISE.
However although it seems to be based on specific ISE attributes only part of the ISE dictionary
It seems we can group PSN together as a mode group.
So in this case I can def configure each NAD to point to specific “node group” then using rule based authentications asking these Node groups (based on device IP or device network group or location) to use a specific RSA servers.
If you could chime in I would appreciate.