Solved: ISE Policy Question

SecurityJumbo · ‎11-16-2022

I'm using ISE as a NAC (Network Access Control) and wondering if I can run multiple policies to the same device. I mean how I can allow multiple policies in the "Policy Set" window match and apply on the same device. Is that possible on ISE ??

Marvin Rhoads · ‎11-18-2022

An ANC-based event would typically come in asynchronously - i.e., distinct from the device's initial connection. If you want to check the external status at the time of connection, you can make the authorization condition a compound rule with logical AND/OR relationship between the different rule elements.

View solution in original post

balaji.bandi · ‎11-16-2022

what kind of policies you like to bind give some examples.

or watch the below video to get an idea :

https://www.youtube.com/watch?v=gEnWHS8nBZ4

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SecurityJumbo · ‎11-17-2022

Hello @balaji

I'm checking if I can apply multiple policy set to the same device with different condition. I want to check and force the radius 8021x authentication and authorization first and then in the second policy I want to use the ANC Policy name as a condition based on the integration with third-party platform.

Example:

policy 1 --> Radius 8021x/MAB

policy 2 --> Change Vlan based on the ANC Policy name from other tool

Marvin Rhoads · ‎11-18-2022

An ANC-based event would typically come in asynchronously - i.e., distinct from the device's initial connection. If you want to check the external status at the time of connection, you can make the authorization condition a compound rule with logical AND/OR relationship between the different rule elements.