Guest

Preview Tool

Cisco Bug: CSCus48961 - ISE 1.3 AuthZ matches default rule before other rules in policy set

Last Modified

Jun 09, 2016

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.3(0.876)

Description (partial)

Symptom:
Clients are hitting the ISE default policy rule before the configured ISE Auth policy that the authenticating client or machine SHOULD be hitting.  If there are 15 authz rules the user might hit the first 10 but the 11th will act like "default" even though the gui shows 11-14 are configured rules and not the default rule.

if a rule is moved too far down the authz rule list it will never be triggered and instead, the client with hit the default rule as if it hit the bottom of the rule list.

Conditions:
ISE  1.3

Configuring and testing Authorization Policy rules in sets or NOT in sets

using IE or Firefox browsers
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.