cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
607
Views
1
Helpful
1
Replies

Configuring Endpoint Policies on ISE 3.2+

Chaz
Level 1
Level 1

I am trying to follow a guide on configuring some mPSK authorizations for some aruba AP's and the guide is in an older version of ISE and I almost have it figured out on the newer GUI, but hit a roadblock. 

Guide: https://www.wifireference.com/2017/12/10/cisco-identity-psk-what-is-it-and-how-is-it-configured/ 

Issue: I was able to configure a condition: "IdentityGroup-Name->Endpoint Identity Groups:[Name of Endpoint Group I created]. I saved it and it shows up in the library list, BUT when I go to configure the Policy, the "PolicySet", the conditions that I created are not listed, nor can I search manually for any IdentityGroup names. 

Question: How can I create an Authorization policy that points to Identity groups within the conditions? 

1 Reply 1

betliu
Cisco Employee
Cisco Employee

'Identity Group' is not included in the conditions of 'Policy Sets', Identity Group' is the condition of 'Authorization and Authentication', it's not applied to the Policy Set condition.

I took example to set 'Identity Group' as condition of Authorization:

 

Step1: Create Endpoint Identity Group:

betliu_7-1713070406868.png

betliu_8-1713070428460.png

Step2: Create Endpoints and assign it to Endpoint Identity Group created in step1:

betliu_9-1713070458166.png  


betliu_10-1713070479095.png

Step3: configure Identity Group as condition of Authorization Policy:

betliu_11-1713070507176.pngbetliu_12-1713070516749.png

 

betliu_13-1713070526266.png

 

Review Cisco Networking for a $25 gift card