04-28-2022 04:41 AM
I want to simplify our management policies in ISE for the devices. By management policies I mean the rules that allow access (CLI, HTTP, console) to the devices. We have dozens of different device types (routers, switches, firewalls, ...) and today we filter this by NAS-Service-Type and NAS-Port-type. Since every brand/model sends different attributes, the rules are becoming confusing. My question is: how do you organize this type of rule? Is there a way to filter management access using only a few common conditions?
04-28-2022 06:59 AM
Device Admin in ISE allows for Policy Sets. I build out my TACACS Profiles based upon Vendor and Type. Then I create a different Policy Set per Vendor and Type (switches/Wireless Controllers/etc.). Of course, those that use the same attributes can be (and are) grouped in the same Policy Sets.
04-28-2022 09:39 AM
Since Charlie did not shamelessly plug his upcoming webinar on this very topic, I will!
Register for Building ISE RADIUS Policy Sets happening next week!
If you cannot make it, it will be posted to our CiscoISE YouTube Channel ~1 week after the delivery.