Cisco Support Community

New Member

ISE 1.2 - Match Policy Set based on endpoint identity group?

Hello, I would like to create a condition that would force MAB'd clients to hit a certain policy set if their MAC address matches one in an endpoint identity group. Is this possible? I feel like a condition can be created using a combination of attributes, but I cannot seem to hit on it properly. Thanks.

3 REPLIES
Cisco Employee


Sorry to bring the bad news but that is not possible. You cannot use the "endpoint group" as an attribute when creating an "authentication" condition. 

What exactly are you trying to accomplish? Give us some more details and perhaps there is a different solution for you. 

 

Thank you for rating helpful posts!

New Member


Thanks. I have the basic wired/wireless policy sets, but would like a more detailed level of policy sets for some of my lab machines that need individual DACLs. I don't want to saturate my policy with DACLs. So I would like MAB'd users to enter the Lab Machine Policy Set if they fall in a certain endpoint identity group.

Cisco Employee


The cleanest way to do this would be to dedicate:

1. (Wired) A test switch where all of your test devices are connecting. You can then build a policy set that matches against that NAS.

2. (Wireless) A test SSID and/or a controller (virtual or 2504). You can then build a policy set that is dedicated to that SSID 

 

Thank you for rating helpful posts! 
