Group or condition for registred devices from "Device Registration Portal" (Guest Portal) ?
We use Cisco ISE 184.108.40.2069 on our network.
We've already set the Domain devices rules (AD), and it works correctly. Now we work on the BYOD rules, and I've a question about the "Device Registration Portal" processes.
Can I create a group (Endpoint Identity Groups or others) or a condition (Simple/Compound Conditions or others), which will be automatically attribuated to all registred devices from "Device Registration Portal" (Guest Portal)? Our objective is to created a basic rules inside Authorization Policy for all BYOD without OS distinction.
Currently, we've created a rule with the (built-in) Workstation group: Identity Management > Groups > Endpoint Identity Groups > Profiled > Workstation
But I'm not sure that all registred devices are going to obtain the "Profiled" group or one of these sub-groups (Cisco-IP-Phone or Workstation)? Can I choose and set the group or the condition that will be automatically attribuated to registred devices, or I have to use built-in groups inside "Endpoint Identity Groups"?
For information, currently when I registe a new device from "Device Registration Portal" (Guest Portal), by adding its MAC Address, this device is registred with the attributes:
I might be missing something or not fully understanding your question/requirements but you can definitely create a rule that is matching against the "registered" devices rather than the "profiled workstation" group. In your authorization policy you would just pick the "RegisteredDevices" group instead of the profiled one.
Keep in mind that if you are using ISE 1.2 you can sort of combine both the "Registered Group" and profiling data. You can do that by creating a "Logical Profile" under Policy>Profiling > Logical Profiles. Then you can reference this in your authorization policy by choosing "Endpoints > LogicalProfile" = name_of_the_logical_profile. That way you can have different rules that are all based on "RegisteredDevices" but different based on the logical profile group.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...