05-27-2019 02:30 AM - edited 05-27-2019 04:41 AM
Hi All,
I need some advice regarding authorisation policies that are required to profile some printers.
I have configured a policy that matches on Logical Profile: Printers, however, this profile is never hit when I connect a new printer, and the device always hits the default DenyAccess rule.
When testing I noticed that the NAD will not send any device-sensor info until after authorisation succeeds. To get this working, I changed the default rule to PermitAccess, which then drops the printer into the switchport's native VLAN. The printer then gets profiled correctly, and with a CoA reauth, gets moved to the correct rule which places the printer in the desired VLAN.
Is this the correct and expected behavior? If so, is it OK to change the default rule to PermitAccess, perhaps with a DACL that denies all IP to be on the safe side? Are there any better ways of doing this?
on 05-28-2019 03:01 PM
on 05-27-2019 03:09 AM
Hi Dm,
If the condition created on the policy is not matching, then the default policy will get applied.
Refer to the ISE Profiling Design Guide.