I am attempting to create an ISE V2.1 authorization policy based on the switchport access VLAN assignment. I have read in some documents that the Radius AV pairs that might apply are:
cisco-avpair="tunnel-type(#64)=VLAN(13)"
cisco-avpair="tunnel-medium-type(#65)=802 media(6)"
cisco-avpair="tunnel-private-group-ID(#81)=2" (2 is my vlan id)
The policy I have tried which is not working consists of the 3 statements in an "AND condition."
radius:tunnel-type = VLAN
radius:tunnel-private-group-ID = 270 <-------- "switchport access vlan 270"
radius:tunnel-medium-type = 802
I have also tried just the private-group-ID = 270 by itself and no luck on that either.
Any help is most appreciated.