ISE policy set for switch level 7 access

shiznity2k
Level 1

I am trying to configure ISE to restrict access to network devices for an AD group, limiting access to the security group to limited show commands, but I am struggling with the authorization policy or how to configure the limited access.

I have a policy set name and condition set to DEVICES: routers, switches, firewall; the default rule set to "default network access" in authentication policy.

In authorization policy, I have a rule with the AD group as a condition then permit access (permissions), but I am unable to log in to devices unless I move the policy set to the top of my Policy list.

Is it possible to use Advanced Attributes Settings within Policy Elements--Results--authorization profiles to create a restricted rule?

This is a grey area for me and assistance or guidance will be appreciated.

1 Accepted Solution

Arne Bier
VIP

Hi @shiznity2k

This Device Admin Prescriptive Guide is probably the best guide for you.

Failing that, check out the www.labminutes.com guide if you prefer a nice video tutorial.

2 Replies

Many thanks. I stumbled on labminutes later that day and he had a video for my specific issue.