10-30-2017 02:44 PM - edited 02-21-2020 10:37 AM
Hello guys,
Please see the attached screenshot.
How can I delete the default authentication policy on Cisco ISE?
Thanks
10-30-2017 03:36 PM
You cannot. You can only change the Identity store it uses. Documented here:
"For both network access and device administration, this is the default authentication rule that is included in every policy set you create, as well as in the system default policy set.
You can edit this policy to configure any identity source sequence or identity source based on your needs, but you cannot add conditions to it or delete it."
Why do you want to delete it? Your policy has both dot1x and mab conditions above it; all requests should hit one of those rules. Nothing should even hit that policy rule.
10-30-2017 03:37 PM
10-30-2017 03:50 PM
I also found this "Default" statement annoying because there is nothing default about it - it's using the exact logic as required, i.e. if I match MAB, then I want to use Identity Store X; if I match Dot1X, then I want to use Identity Store Y, etc. The problem is that the Authentication Policy output in the LiveLogs always shows the word ">> Default" at the end. It's superfluous and looks like the engineer is relying on defaults in his logic.
It's a minor annoyance.
10-30-2017 04:28 PM