10-17-2019 01:12 PM
If I have two separate fabric sites separated by an IP transit, but a common VN configured in both (different subnet per site), how do I create one authorization policy in ISE for that users of that vn?
When I go to create an authorization result to enable someone to be connected to the VN, I select an Sgt, followed by the VN and then the subnet. I always have to choose the subnet, despite this being unimportant. Do I now need ise authorization rules per site? For hundreds of sites this cant be practical, so how should this work? Or is the subnet in the result ignored by the receiving edge switch?