01-25-2022 01:11 PM - edited 01-25-2022 01:13 PM
I am sending CDP attributes to ISE during endpoint authentication. I am struggling to use these attributes in an authorization policy. I want a policy that matches if cdpCachePlatform contains 'Phone'. So far, the policy does not match.
This is the policy I created.
This is the dictionary I created.
01-25-2022 03:16 PM
You mention in another post "I want to avoid authenticating phones to ISE because it requires a plus license for profiling". Do you have the Plus license enabled?
The feature you are trying to use also leverages information from Profiling, so you would need the Plus/Advanced license enabled.
The CDP information is learned from the Profiling probes (likely sent by Device Sensor on the switch to ISE via the RADIUS probe).
01-25-2022 03:49 PM
Ah ok, thank you, I was not aware of that.
It may seem simple to assume that, since voice VLAN assignment works so well locally, you could bypass authentication for voice devices, but I have not found that to be the case.