Configuring Endpoint Policies on ISE 3.2+

Chaz · ‎03-21-2024

I am trying to follow a guide on configuring some mPSK authorizations for some aruba AP's and the guide is in an older version of ISE and I almost have it figured out on the newer GUI, but hit a roadblock.

Guide: https://www.wifireference.com/2017/12/10/cisco-identity-psk-what-is-it-and-how-is-it-configured/

Issue: I was able to configure a condition: "IdentityGroup-Name->Endpoint Identity Groups:[Name of Endpoint Group I created]. I saved it and it shows up in the library list, BUT when I go to configure the Policy, the "PolicySet", the conditions that I created are not listed, nor can I search manually for any IdentityGroup names.

Question: How can I create an Authorization policy that points to Identity groups within the conditions?

betliu · ‎04-13-2024

'Identity Group' is not included in the conditions of 'Policy Sets', Identity Group' is the condition of 'Authorization and Authentication', it's not applied to the Policy Set condition.

I took example to set 'Identity Group' as condition of Authorization:

Step1: Create Endpoint Identity Group:

Step2: Create Endpoints and assign it to Endpoint Identity Group created in step1:

Step3: configure Identity Group as condition of Authorization Policy: