08-12-2019 08:35 AM
I am trying to configure ISE to restrict access to network devices for an AD group, limiting access to the security group to limited show commands but I am struggling with the authorization policy or how to configure the limited access.
I have a policy set name and condition set to DEVICES: routers, switches, firewall; the default rule set to "default network access" in authentication policy.
In authorization policy, I have a rule with the AD group as a condition then permit access (permissions) but unable to login to devices unless I move the policy set to the top of my Policy list.
Is it possible to use Advanced Attributes Settings within Policy Elements--Results--authorization profiles to create a restricted rule?
This is grey area for me and assistance or guidance will be appreciated.
Solved! Go to Solution.
08-13-2019 09:20 PM
Hi @shiznity2k
This Device Admin Prescriptive Guide is probably the best guide for you.
Failing that, check out the www.labminutes.com guide if you prefer a nice video tutorial
08-13-2019 09:20 PM
Hi @shiznity2k
This Device Admin Prescriptive Guide is probably the best guide for you.
Failing that, check out the www.labminutes.com guide if you prefer a nice video tutorial
08-14-2019 08:40 AM
many thanks..I stumbled on labminutes later that day and he had a video for my specific issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide