02-28-2018 07:39 AM
Dear expert,
I'm talking about the section under Work Centers > Device Administration > Device Admin Policy Sets.
In our setup, the device is present under 2 distinct Network Device Groups. One time using a supernet /24 (management subnet) and one time using a /32. This /32 is the device's host address, which is also part of the supernet of course. I'm talking about the section Administration > Network Device Groups.
It appears ISE selects the Device Admin Policy based on the most specific prefix. So the policy with the /32 will always win.
However, I want it to select the policy based on the order in which it is defined at Work Centers > Device Administration > Device Admin Policy Sets.
So basically I want it to cycle through the defined policies like an ACL.
- Check first policy. No Match? Check second policy and so on.
Please explain how to do this.
Many thanks in advance.
03-01-2018 01:09 AM
By default, ISE always applies the first rule that matches. If the first does not match, it continues to the next rule, etc.
It is important how you order rules.
03-07-2018 09:27 AM
It appears not to do this. It always goes to the same policy linked to the most specific IP. I can't find what's wrong so I decided to open a ticket with support!