Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3534
Views
5
Helpful
2
Replies

ISE Profiling - What is "exception action" and "static assignment"?

muthumohan
Level 1
Level 1

‎09-06-2012 08:22 AM - edited ‎03-10-2019 07:30 PM

Hi All,

I am new to ISE and catching up on things. I am at the profiler and could not clearly understand the two things:

- Exception Action. - what is this for and when/how to use it?

- static assignment - again, not sure of the real purpose?

would appreciate if some can explain me these two things or point me to a good document.

Thanks,

Mohan           

Labels:
0 Helpful
2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

‎09-06-2012 01:07 PM

Exception action is an action you can trigger in a profiling policy (such as an nmap scan or CoA) the default exception action is to trigger CoA when a endpoint is profiled from unknown to known, and when an endpoint is deleted. An exception action for example will be to trigger CoA when a device is profiled as a Cisco Device, so they can match another condition after the dhcp information is received after the initial authentication, so know they probably match a Cisco phone 7975...

Static assignment is to statically assign an endpoint to a identity group so they dont bounce around and get reprofiled. Once they meet this condition they are stuck until you delete the endpoint. Usually static entries are present when up load multiple endpoints via csv...

Hope that helps!

Tarik Admani
*Please rate helpful posts*

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎05-28-2013 03:53 AM

These are the two types of authorization  policies that you can configure:

•Standard

•Exception

Standard policies are policies created to  remain in effect for long periods of time, to apply to a larger group of users  or devices or groups, and allow access to specific or all network  endpoints
contrast, exception policies are appropriately named because this  type of policy acts as an exception to the standard policies. Exception polices  are intended for authorizing limited access that is based on a variety of  factors (short-term policy duration, specific types of network devices, network  endpoints or groups, or the need to meet special conditions or permissions or an  immediate requirement).

Exception policies are created to meet an  immediate or short-term need such as authorizing a limited number of users,  devices, or groups to access network resources. An exception policy lets you  create a specific set of customized values for an identity group, condition, or  permission that are tailored for one user or a subset of users. This allows you  to create different or customized policies to meet your corporate, group, or  network needs.

Static Assignment :
You can assign an  endpoint to an identity group statically. In such cases, the Profiler service  does not change the identity group the next time during the policy evaluation  for these endpoints, which are previously assigned dynamically to endpoint  identity groups in Cisco ISE.

0 Helpful
Customers Also Viewed These Support Documents