02-08-2019 01:06 AM - edited 03-11-2019 01:55 AM
Hello Experts,
I am running ISE 2.4 with patch 4.
In the authorization policy is it possible to push two authorization profiles?
If yes, then which ones will take the precedence?
Or is this something that the design of ISE does not allow?
Any pointers or documentation to achieve this?
Solved! Go to Solution.
02-11-2019 04:17 AM
02-08-2019 01:42 AM
02-08-2019 08:24 AM
02-11-2019 02:27 AM
I was thinking about a use case, where the WLC has ACL has a limitation of 64 lines in single ACL. So, what if I create multiple dACL and push them via authorization profiles, thus increasing the overall capacity.
02-11-2019 04:17 AM
02-11-2019 06:59 AM
bern81 is correct that WLC not using DACL. If needing many ACEs, then you should consider another solution (e.g. ASA) to perform the enforcement.
02-11-2019 11:47 PM
Well, that makes sense...
Thank you for all the inputs...
02-09-2019 03:40 PM
If the matched authz policy rule has multiple profiles. They are combined in such way that distinct attributes will all apply and the first values of the same attributes will apply.
For example, the following rule has three authz profiles:
As the DACL is unique and VLAN assignments are duplicated, the resulting permissions would have DACL PERMIT_ALL and the first VLAN assignment, which set to 100.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide