Cisco Support Community

ISE Authorization Policy

Hey guys,

I have a question regarding ISE Authorization Policy. In my test lab, I don't have any wired station, and what I have is a wireless laptop. I have configured to allow only EAP-TLS authentication. Now, my problem is I keep getting "15039 Rejected per authorization profile."

Under the Policy > Authorization, I created a rule where I just want to allow on EAP-TLS either via machine or user identity, and the bottom is the default DenyAccess. When I tried to join the wireless network, I kept getting denied. I checked the ACL counters on the WLC side and it was not increasing.

I changed the default DenyAccess to PermitAccess, and I was able to join the wireless network no problem, and the ACL counters on the WLC side increased.

It seems like I am hitting the default Authorization Policy first which is on the bottom of the authorization policy.

I attached the failed and authenticated logs that I got from ISE.

Has anyone encountered this issue?

The version that I have is 1.1.1

Thanks

P.S.

I went back to check my authorization condition, and it is blank (see the 1st screenshot).

1 REPLY

ISE Authorization Policy

Hi,

It is obvious that you are not matching any condition.

Rather than keeping the condition blank, fill it with a condition that always matches and see if that helps.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"
