Hi Tim, I tried this too and no joy.

It is only a 2 node deployment and is definitely the correct node as I can see it in the Live Authentication details tab for client as Policy Server.

Which version of ISE are you using?

Regards,

-Tim

Very latest 2.1 Patch 1  (2.1.0.474) Patch 1

Hi Hslai, I received the debugs logs and I could see it was picking up the correct Authorization Policy.

I then went back to the RADIUS live logs and I could see again it was picking up the correct Authorization Policy.

So it is working , perhaps I was mistaking it for Authorization Profile name which is same as the old/duplicate rule.

Just to confirm I am using an attirbute of Network Access: ISE Hostname Equals <ISE HOSTNAME  CASE SENSITVE>

Thanks

Hi,

Same problem, the condition ISE Hostname Equals <ISE HOSTNAME  CASE SENSITVE> works for only one ISE but not for the other one.

It doesn't work with ISE 2.1 patch 2 neither.

Please open a TAC case if the setup is for production or customers'. In case it's your lab, please share debug log snippets and more details on

works for only one ISE but not for the other one.

Hi Thiabault, this actually worked fine for me in the end.

I had reviewed the RADIUS Live Logs incorrectly, it was actually hitting the correct Authorization Rule for ISE2, I was reading the logs wrongly and mistaking the Authentication Rule as being the Authz rule.

If this is for Guest WLC make sure you specific the correct PSN (RADIUS) server configured on your Guest Wireless SSID.

Also use the details tab under via RADIUS Live Logs for more information.

Thanks.