Cisco Support Community
Profile Corporate PC w/ ISE

I'm trying to add a profile rule to see if a PC is on my domain.

What is the best way to profile a workstation to know if it's a corporate asset or not? DHCP domain name? Something else?

What does the Profile condition look like?

TIA

Scott

1 REPLY

I think the easiest way is to create a Simple Condition (Administration > Policy Elements > Authorization):

Attribute: Network Access:WasMachineAuthenticated

Operator: Equals

Value: True

Then use this condition in your (user) Authorization Policy.

Basically, this checks if a computer has ever been successfully authenticated against your domain.

I assume you have an Active Directory as External Identity store and have added the Domain Computers group as part of this config.

The mentioned attribute result will be displayed in the authentication monitoring details screen as code 24421 (authenticated) or 24423 (unauthenticated) under Steps.
