Compound boolean condition in ISE?

jilahbg · ‎03-15-2012

Hello

In ISE I have to define a complex condition as a requirement for an authorization policy. Like this:

(member of group X) AND ((wlan id 1) or (wlan id 2))

Can this be done? I can see that I can enter multiple conditions but there is only one AND/OR dropdown for the entire window which will give me either "x AND y AND z" or "x OR y OR z".

what am I missing?

Best regards

Jimmy Larsson

Sent from Cisco Technical Support iPad App

SCOTT VOLL · ‎03-15-2012

This is possible. it is done in the Policy --> Policy Elements --> Conditions. Create your boolean condition then go back to your policy and use it.

Scott

jilahbg · ‎03-16-2012

Hello

Sorry if I was unclear. I am fully aware of where to create a condition. However, I cannot see how to create a complex condition like the one I describes.

Can you clearify: If i go into Policy Elements - Condition and creates a new condition, what are the exact steps to create a condition like:

A = 1

and

(B = 2 OR C=3)

Thanks in advance

Regards

Jimmy

DENNIS BAAS · ‎03-16-2012

I ran into the same issue. I fixed this, but I hope someone has a better idea, as follows:

In Policy Elements > Conditions:

- create a Authorization compound condition A with Expression 1 OR Expression 2

- create a Authorization compound condition B with Expression 3 OR Expression 4

(I have not found a way to use a compound condition in another compound condition)

Create the Authorization Policy with Condition A AND Condition B.

Of course you can also do this the other way around.

.

Hope this helps.