01-17-2024 12:31 AM
Hello guys,
I'm struggling with one problem in our network
we have a Computers with certificates and we have an automation/rule in ISE which is working like this:
when the certificate is being found on the PC, the device is going to the Client vlan(offices etc) all MAB devices going to production,
but sometimes we need to keep some PC's with a certificate on the production.
In Cisco ISE we are selecting the correct identity group(for production) to given PC but ISE is still forcing such PC's to use Client Vlan do you know what we have to change ?
Solved! Go to Solution.
01-17-2024 01:58 AM - edited 01-17-2024 01:59 AM
probably you just need to change priority / order of the policies/rules
and stop processing on first match
first - PC's with certificate + production group
then - PC's with certificate
01-17-2024 01:58 AM - edited 01-17-2024 01:59 AM
probably you just need to change priority / order of the policies/rules
and stop processing on first match
first - PC's with certificate + production group
then - PC's with certificate
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide