We currently operate a Wi-Fi network with 802.1X authentication based on a FreeRADIUS distribution.
Now we want to switch to ISE 2.6. So far everything works; however, one thing bothers me.
In the "Policy Sets" we have created a new policy which uses the username for "AAA override". It bothers me that under "Authorization Policy" a sub-rule must be created for each user, which checks which group he is in and then uses the values from this group and assigns the appropriate VLAN.
Can this not be solved more elegantly? For every user, the group with the override values is already deposited. Can someone tell me what I need to do to make sure the user is authenticated after being put into the group from their settings?
Background: we distribute about 1500 VLANs, so that would also be 1500 sub-rules in the authorization ... which I would like to avoid.
Typically, group membership would be used for VLAN override. However, if you want a per-user VLAN, you can use a dynamic attribute. See the per user/endpoint VLAN, ACL, SGT use case in the following document: