Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
0
Helpful
1
Replies

ISE policy based on user location

Rick Daoust
Level 1
Level 1

‎03-13-2014 06:51 PM - edited ‎03-10-2019 09:31 PM

I'd like to create a policy that would be applied to our wireless clients based on their location. According to all the ISE documentation this is possible; however I haven't found any documentation explaining how. Was anyone created such a policy? If so, could you provide some assistance on how you were able to determine the clients location? Thank, Rick
Labels:
0 Helpful
1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

‎03-16-2014 05:33 PM

Cisco ISE allows you to create hierarchical Network Device Groups (NDGs) that contain network devices. NDGs logically group network devices based on various criteria such as geographic location, device type, and the relative place in the network (like "Access Layer" or "Data Center," for example).


Managing Network Device Groups

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_network_devices.html

Once you are done with that you can create a rules under policy elements based on device location. In your case it would be a WLC. Remember, it would be location of the network access device and not the end client. If condition matches you will get the desired results.

Hope it helps.

 

Regards,

Jatin Katyal

*Do rate helpful posts*

~Jatin
0 Helpful
Customers Also Viewed These Support Documents