
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2017 09:48 PM - edited 02-21-2020 10:40 AM
Hello,
Does anyone ever try below scenario before?
I'm using Cisco ISE 2.3 for Device Administration (TACACS). One thing I want to try is using Guest Account created from Sponsor Portal to be using in Device Policy Sets for Authentication and Authorization.
First, I created 2 Guest Type called: Monitor & Read Only
Second, I created an account from Sponsor Portal and assigned in Read_Only Guest Type:
Third, I setup the Device Admin Policy Sets. Now, I focused on Authorization Policy since the Authentication Policy is work for me.
After I save the policy above, I tried to test AAA on a Cisco Switch. Unfortunately, it fails on Authorization and got default Deny Shell Profile. Below is the result:
I still don't know why the Authorization policy rule doesn't work for IdentityGroup. Does anyone here ever try this scenario before?
Thank you in advanced
Arie
Solved! Go to Solution.
- Labels:
-
Other NAC
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2017 02:13 AM
Hi,
I would like to tell that there is a bug:
CSCvh12508
It makes authorization rule can't read the guest database and that's why my authorization rule doesn't work with guest type identity group.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-23-2017 01:12 PM
Please paste all details from your shell profile "ReadOnly_Profile_Cisco"
/
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-23-2017 07:46 PM
Hi,
This is the detail of "ReadOnly_Profile_Cisco"

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2017 02:13 AM
Hi,
I would like to tell that there is a bug:
CSCvh12508
It makes authorization rule can't read the guest database and that's why my authorization rule doesn't work with guest type identity group.
