cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
308
Views
0
Helpful
3
Replies
Beginner

Cisco ISE Authorization policy without Plus License

Hi, 

 

Can i create an Authorization policy for IP phones without having Plus (Profiling ) License ? Could you please confirm the below scenarios ?

 

Example 1 :  MAB and create an Authorization policy with OUI (if  MAC is equal to aa:bb:cc ) and apply enforcement  (Put in VLAN Voice ). This will not require a Plus License .

 

Example 2: Manually  create MAC data base for MAC authentication and create an Authorization policy with OUI (if  MAC is equal to aa:bb:cc ) and apply enforcement  (Put in VLAN Voice ). This will not require a Plus License.

 

Note : IP phones do not support  dot1x authentication, what would be the best approach to apply authorization policy without having Plus license?

 

Thanks in advance !

Regards,

MD

2 ACCEPTED SOLUTIONS

Accepted Solutions
Rising star

Re: Cisco ISE Authorization policy without Plus License

Plus licenses will be consumed if/when you use profiled endpoint groups in your auth conditions to drive network policy. You can easily accomplish this using local ise endpoint groups that you add your MACs to. Then just reference the group in your authz condition so that if the mac exists in that group then you drive policy for your voice vlan. HTH!
Cisco Employee

Re: Cisco ISE Authorization policy without Plus License

They are both valid options of manual assignment. Would recommend MAB to VOICE VLAN
3 REPLIES 3
Rising star

Re: Cisco ISE Authorization policy without Plus License

Plus licenses will be consumed if/when you use profiled endpoint groups in your auth conditions to drive network policy. You can easily accomplish this using local ise endpoint groups that you add your MACs to. Then just reference the group in your authz condition so that if the mac exists in that group then you drive policy for your voice vlan. HTH!
Highlighted

Re: Cisco ISE Authorization policy without Plus License

Hi @munish.dhiman1

 

For your scenario, Plus license is not required.

 

As you mentioned you can create a Authorization policy and provision VLAN through ISE.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
Cisco Employee

Re: Cisco ISE Authorization policy without Plus License

They are both valid options of manual assignment. Would recommend MAB to VOICE VLAN