Under Convext visibility, Device goes into Authentication Policy-Default, Authorization policy-Polic...

getaway51 · ‎10-27-2019

Hi,

Under Convext visibility, Device goes into Authentication Policy-Default, Authorization policy-Policy1.

May i know Authentication Policy-Default is it Deny ALL?

This device is a Voice device, i falls to default ISE profile grp.

May I knw wht is inside Authentication Policy-Default? How to view it?

Mike.Cifelli · ‎10-28-2019

You can view your policies under Policy->Policy Sets-><your policy>
To view the authz result profiles: Policy->Policy Elements->Results->Authorization->Authorization Profiles
Good luck & HTH!

getaway51 · ‎10-28-2019

Hi,

Thanks for yr guidance. I attached the screenshot. By the way i cant find Authentication-Default under

Policy->Policy Elements->Results->Authorization->Authorization Profiles

or where shld i look Authentication-Default?

I just wanted to know why it falls under Authentication-Default and what impact Authentication-Default has for this device

Mike.Cifelli · ‎10-28-2019

Now I think I have a better understanding of what you are asking. The default policy is the policy nodes hit when they do not match any of your configured policies in authc or authz policies. The authc impact depends on how you have configured your options (if auth fail, if user not found, if process fail). The authz impact depends on what authz profile you assign.

getaway51 · ‎10-28-2019

actually this device which is avaya-device hits the MAB policy set.

In this case, it hits the correct authz policy but goes to authc-default.

"The default policy is the policy nodes hit when they do not match any of your configured policies in authc "

This is the part i dont understand, the device falls under customized identity grp of Avaya-voice which is configured in the authc policy as well. fyi the device mac address was added manually into identity grp of Avaya-voice.