cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
518
Views
0
Helpful
2
Replies

ISE Authorization Condition

Terry
Level 1
Level 1

Hi

I have a requirement to setup ISE in such a way that it differentiates between switches within a switch stack. Does anyone know if there is an expression that I could use within an authorization compound condition that will achieve the following:

If a device using MAB connects to switch 1 in the stack it will be assigned to VLAN 10.

If the same device connects to switch 2 in the same stack it will be assigned to VLAN 20.

Thanks

Terry

1 Accepted Solution

Accepted Solutions

jan.nielsen
Level 7
Level 7

You could use the interface numbering as a condition, the switch does not send any information about stack numbering. I don't remember the specific av pair, but you should be able to find it in the live log details.

View solution in original post

2 Replies 2

jan.nielsen
Level 7
Level 7

You could use the interface numbering as a condition, the switch does not send any information about stack numbering. I don't remember the specific av pair, but you should be able to find it in the live log details.

Perfect, thanks Jan

Radius:NAS-Port-Id Starts with GigabitEthernet1/0/

Regards

Terry

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: