Policy Design

Overview

ISE policies control authentication and authorization for network access.

Policy Hierarchy

Policy Sets
├── Authentication Policy
│   └── Which identity source to use?
├── Authorization Policy
│   └── What access to grant?
└── Posture Policy (optional)
    └── Is the device compliant?

Key Concepts

Policy Sets

Group related policies by use case:

  • Wired 802.1X

  • Wireless 802.1X

  • VPN Access

  • Guest Access

Authorization Profiles

Define what happens when a rule matches:

  • VLAN assignment

  • DACL application

  • SGT assignment

  • CoA triggers

Conditions

Building blocks for policy rules:

  • Identity groups

  • Device attributes

  • Network conditions

  • Time-based conditions

See Conditions.

Best Practices

  • Use descriptive names

  • Order rules from specific to general

  • Test in monitor mode first

  • Document policy intent
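
The "specific to general" ordering matters because a broad rule placed first hides every narrower rule below it. The following is an added example, not part of the original page and not ISE's rule engine or API: it assumes first-match evaluation and conditions reduced to ANDed equality checks, and all rule, attribute and profile names are hypothetical.

```python
# Added example: a simplified model of ordered authorization rules.
# Assumes first-match evaluation; every name below is hypothetical.
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    conditions: dict   # attribute -> required value, all ANDed; {} matches everything
    profile: str       # authorization profile returned when the rule matches

def matches(rule, session):
    return all(session.get(k) == v for k, v in rule.conditions.items())

def authorize(rules, session):
    """Return (rule name, profile) for the first rule that matches the session."""
    for rule in rules:
        if matches(rule, session):
            return rule.name, rule.profile
    return None, "DenyAccess"  # constructed fallback when nothing matches

def find_shadowed(rules):
    """Return (shadowed, shadowing) pairs. A later rule can never match when an
    earlier rule's conditions are a subset of its own, because the earlier
    rule is at least as general and wins first."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.conditions.items() <= later.conditions.items():
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample policy, ordered general -> specific (the mistake).
BAD_ORDER = [
    Rule("Employees", {"identity_group": "Employees"}, "Employee_VLAN"),
    Rule("Employees_NonCompliant",
         {"identity_group": "Employees", "posture": "NonCompliant"},
         "Quarantine_DACL"),
    Rule("Default", {}, "DenyAccess"),
]
# Same rules, ordered specific -> general.
GOOD_ORDER = [BAD_ORDER[1], BAD_ORDER[0], BAD_ORDER[2]]

# Constructed session: an employee endpoint that failed posture.
SESSION = {"identity_group": "Employees", "posture": "NonCompliant"}

if __name__ == "__main__":
    for label, policy in (("general-first", BAD_ORDER), ("specific-first", GOOD_ORDER)):
        print(label, authorize(policy, SESSION), "shadowed:", find_shadowed(policy))
```

With the general rule first, the non-compliant endpoint receives the full employee profile and the quarantine rule is reported as unreachable; running a check like this against an exported rule list before leaving monitor mode catches the ordering error.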