I have a question about “stacking” profiles. By stacking, I mean I have set up ISE to NMAP and profile a factory-new endpoint to an initially trusted endpoint profile and assign it to an identity group as a candidate for further processing.
The initial profile works great, the NMAP performs its scan, meeting a profiler policy condition through customized NMAPExtension and the system places the endpoint in a selected Identity Group called “candidate”.
Life would be so easy if I left the endpoint in this state, but I have this access requirement to first profile the endpoint and use a graduated approach from a candidate (member of this identity group) to a higher set of authorizations including VLAN/dACL assignment.
My initial approach was to build a policy set outside of the initial working set that brought the “layer0-endpoint” to “layer1-candidate” and then once in the candidate stage, authorized it to a different authorization profile, turning it into “layer2-release”. Obviously, I am performing configurations to the endpoint when they transition through the phases – including an eventual DOT1X implementation in the end.
Goes from out of the factory sealed box and added to the network - layer0-endpoint -> layer1-candidate -> layer2-release
I’ve tried a few things, yet nothing is working. At this point, I’m unsure it is even possible to first profile an endpoint into a candidate and then into release – or my profile stacking concept.
So my question is not related to stacking profiles (I guess considered "reprofiling")... I suppose I want to create a new policy set to apply to the “layer1-candidate” after it has been given an Identity Group Assignment to my group - and then once you become a member of that group, you get updated permissions (new VLAN/dACL) giving the endpoint modified access.
I just don't see how this is done with the Policy Set Conditions Studio. I just don't see a dictionary which allows me to choose some of the ISE parameters like the grouping the endpoint belongs to or its currently assigned policy.