cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

453
Views
5
Helpful
4
Replies
zshowip
Beginner

Policy Set function on authentication and authorization.

Hi 

We know Policy set is a container containing authentication and authorization rules etc. each authentication and authorization policy also has Conditions option for us to fill out, but Policy Set also has Condition option that we use to define. How does this Policy set Condition work? Do you think Policy set condition is  necessary?

1 ACCEPTED SOLUTION

Accepted Solutions

@zshowip you don't need a condition on the default policy set. If you have more than one policy set you will need a unique condition to differentiate between the 2 policy sets.

View solution in original post

4 REPLIES 4
Rob Ingram
VIP Mentor

@zshowip I generally use policy set conditions to distinguish between different connection scenarios, such as 802.1x Open Mode or 802.1x Closed More or Remote Access VPN etc. In a large complex environment, without having multiple Policy Sets you could have a overly complex Policy Set. By using multiple Policy Sets if the connection does not match the condition configured under the Policy Set, it will completely skip that Policy Set until it matches another, at which point it will process the associated authentication and authorisation rules. Depending on the size of your environment, using multiple Policy Sets will speed up the authentication/authorisation process.

 

 

zshowip
Beginner

Thank you Rob! Can I say in some situation, the condition in Policy set is not required? 

@zshowip you don't need a condition on the default policy set. If you have more than one policy set you will need a unique condition to differentiate between the 2 policy sets.

View solution in original post

zshowip
Beginner

Understood. Thank you Rob!