Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
0
Helpful
2
Replies

ISE: create rules with AD groups for Users and Computers

chrbar.net
Level 1
Level 1

‎08-07-2013 08:24 AM - edited ‎03-10-2019 08:44 PM

Hello,

We've just begun to work with ISE.
Is it the good place to post on ISE, or there is a dedicated forum in another place?

We'd like to create some rule depending of Computer member groups AND Users member groups from AD, but we meet some difficulties.

We've created AD groups for Computers and Users depending of their Department:
Users_1
Users_2
Computers_1
Computers_2

When we create some basics rules regarding one group only:
- with a group Computers_x to attribute a specific VLAN to a computer (when no Windows session is opened), it runs correctly.
- with a group Users_x to attribute a specific VLAN to an user (when Windows session is opened), it runs correctly.

But when we create a rule regarding a group from Computers and one from Users, to attribute a specific VLAN to an user on a specific computer, this rule is not applied.

Is it possible to use ISE on this way?

Thanks for help.

Regards,
Chris

Labels:
0 Helpful
2 Replies 2

Venkatesh Attuluri
Cisco Employee
Cisco Employee
In response to manjeets

‎08-21-2013 02:54 AM

Enable EAP Chaining— if  you want Cisco ISE to allow authentication of both machine and user in the same  EAP-FAST authentication.


http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_80_eapchaining_deployment.pdf

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents