Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ISE: create rules with AD groups for Users and Computers

Hello,

We've just begun to work with ISE.
Is it the good place to post on ISE, or there is a dedicated forum in another place?

We'd like to create some rule depending of Computer member groups AND Users member groups from AD, but we meet some difficulties.

We've created AD groups for Computers and Users depending of their Department:
Users_1
Users_2
Computers_1
Computers_2

When we create some basics rules regarding one group only:
- with a group Computers_x to attribute a specific VLAN to a computer (when no Windows session is opened), it runs correctly.
- with a group Users_x to attribute a specific VLAN to an user (when Windows session is opened), it runs correctly.

But when we create a rule regarding a group from Computers and one from Users, to attribute a specific VLAN to an user on a specific computer, this rule is not applied.

Is it possible to use ISE on this way?

Thanks for help.

Regards,
Chris

2 REPLIES
Community Member

ISE: create rules with AD groups for Users and Computers

Cisco Employee

ISE: create rules with AD groups for Users and Computers

Enable EAP Chaining— if  you want Cisco ISE to allow authentication of both machine and user in the same  EAP-FAST authentication.


http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_80_eapchaining_deployment.pdf

329
Views
0
Helpful
2
Replies
CreatePlease to create content