https://community.cisco.com/t5/network-access-control/fake-mac-detection-ise/m-p/2894781#M36285 <P>Hello,&nbsp;</P> <P>If someone is using a fake mac address can ise detect that? I mean if someone changed the mac address of their system and there is authentication based on mac address will ise detect that this is fake address and cannot access a certain resource?</P> <P></P> Mon, 11 Mar 2019 06:45:08 GMT muhammad.ali111 2019-03-11T06:45:08Z https://community.cisco.com/t5/network-access-control/fake-mac-detection-ise/m-p/2894781#M36285 <P>Hello,&nbsp;</P> <P>If someone is using a fake mac address can ise detect that? I mean if someone changed the mac address of their system and there is authentication based on mac address will ise detect that this is fake address and cannot access a certain resource?</P> <P></P> Mon, 11 Mar 2019 06:45:08 GMT https://community.cisco.com/t5/network-access-control/fake-mac-detection-ise/m-p/2894781#M36285 muhammad.ali111 2019-03-11T06:45:08Z https://community.cisco.com/t5/network-access-control/fake-mac-detection-ise/m-p/2894782#M36286 <P>If you are talking about someone spoofing a mac that you have entered into ISE, so it is authenticated alone on the mac address, then no. ISE will only get the mac address from the switch, and there is no way to detect that something is "fake" in authentication, because it actually isn't. Profiling and Posture assesment can be used to enforce other policies, and react if those are not fulfilled, but if you are using MAB that is normally not an option. I always suggest using a DACL when using MAB, to restrict the access that the user gets, if they are authenticated with MAB.</P> Tue, 10 May 2016 15:32:27 GMT https://community.cisco.com/t5/network-access-control/fake-mac-detection-ise/m-p/2894782#M36286 jan.nielsen 2016-05-10T15:32:27Z