https://docs.versa-networks.com/Secure_SD-WAN/01_Configuration_from_Director/Security_Configuration/Configure_IEEE_802.1X_Device_Authentication


As of 22.1.4 (the 20250627 regular hotfix release, the latest when this KB was created), we do not support MAB-based authentication, which authentication servers such as ISE may require.


Sample reference config: 

1) Create the RADIUS auth for the Cisco ISE server.



2) Add the Authentication Profile as shown in the snippet for ISE.


Include the NAS Identifier attributes.


3) Add the Authentication Control, referencing the Authentication-Profile and the corresponding interfaces.



4) On the Cisco ISE side, to use dynamic ACLs and push their names to the Versa devices, go to Policy → Results → Authorization Profiles.


Then select the profile that you want to assign to a specific user or device, and configure the following parameters:

Access Type = ACCESS_ACCEPT

Tunnel-Private-Group-ID = 1:RedVlan

Tunnel-Type = 1:13

Tunnel-Medium-Type = 1:6


------------

In the above configuration, Cisco ISE will push "RedVlan" as the name of the ACL which needs to be applied to a particular device after authorization.
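To confirm from a packet capture that ISE returns these attributes once the profile is assigned, the Access-Accept can be decoded and compared with the profile above. This is an added example, not Versa or Cisco code: the function names are hypothetical, the `1:` prefix is read as RADIUS tunnel tag 1, the sample packet is constructed, and the Response Authenticator is not verified.

```python
import struct

# RADIUS attribute numbers from RFC 2868; the "1:" prefix in the ISE
# profile is read here as tunnel tag 1 (assumption of this example).
NAMES = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-ID"}

def tunnel_attrs(packet: bytes) -> dict:
    """Return {attribute name: (tag, value)} from a RADIUS Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2:
        raise ValueError(f"not an Access-Accept (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        body = packet[pos + 2:pos + a_len]
        if a_type in (64, 65) and len(body) == 4:
            # 1-byte tag followed by a 3-byte enumerated value
            found[NAMES[a_type]] = (body[0], int.from_bytes(body[1:], "big"))
        elif a_type == 81 and body:
            # First octet is a tag only when it is <= 0x1F, else it is text
            tag, text = (body[0], body[1:]) if body[0] <= 0x1F else (0, body)
            found[NAMES[81]] = (tag, text.decode("utf-8", "replace"))
        pos += a_len
    return found

def profile_problems(found: dict, acl_name: str) -> list:
    """Compare against the profile above: 13 = VLAN, 6 = IEEE-802."""
    want = {"Tunnel-Type": (1, 13), "Tunnel-Medium-Type": (1, 6),
            "Tunnel-Private-Group-ID": (1, acl_name)}
    return [f"{k}: expected {v}, got {found.get(k)}"
            for k, v in want.items() if found.get(k) != v]

def sample_accept(name: bytes = b"RedVlan", tunnel_type: int = 13) -> bytes:
    """Constructed Access-Accept; zeroed authenticator, not verified here."""
    def attr(t, body):
        return bytes([t, len(body) + 2]) + body
    attrs = (attr(64, b"\x01" + tunnel_type.to_bytes(3, "big"))
             + attr(65, b"\x01" + (6).to_bytes(3, "big"))
             + attr(81, b"\x01" + name))
    return struct.pack("!BBH", 2, 7, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(profile_problems(tunnel_attrs(sample_accept()), "RedVlan"))
```

An empty list means the reply matches the profile; each entry otherwise names the attribute that differs, which helps separate an ISE policy mismatch from a problem on the Versa side.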


5) Next, apply the Authorization Profile to the particular device. To do so, go to Policy → Policy Sets → Default:


Next, select the Authorization Policy menu:


In that menu, find the device and rule to which you want to apply the profile, and select the Authorization Profile as shown below: