https://community.cisco.com/t5/network-access-control/ise-config-with-mac-filtering/m-p/2816617#M40853 <P>We are setting up ISE. I need to setup a rule that uses 802.1x authentication to authenticate a user plus the MAC address of the machine must be in an endpoint group and it has to be on a particular ssid. If the user is connecting to the wrong ssid or the Mac is in the wrong endpoint group it should fail to connect. Is that possible with ISE 2.0?</P> Mon, 11 Mar 2019 06:24:40 GMT Eric Lindsey 2019-03-11T06:24:40Z https://community.cisco.com/t5/network-access-control/ise-config-with-mac-filtering/m-p/2816617#M40853 <P>We are setting up ISE. I need to setup a rule that uses 802.1x authentication to authenticate a user plus the MAC address of the machine must be in an endpoint group and it has to be on a particular ssid. If the user is connecting to the wrong ssid or the Mac is in the wrong endpoint group it should fail to connect. Is that possible with ISE 2.0?</P> Mon, 11 Mar 2019 06:24:40 GMT https://community.cisco.com/t5/network-access-control/ise-config-with-mac-filtering/m-p/2816617#M40853 Eric Lindsey 2019-03-11T06:24:40Z https://community.cisco.com/t5/network-access-control/ise-config-with-mac-filtering/m-p/2816618#M40854 <P>Yes, use endpoint identity group with the MAC address combined with a condition checking AD group membership and that the Airespace-WLAN-ID=xx or Radius Called Station ID ends with the SSID name in the authorization policy.</P> Thu, 21 Jan 2016 15:18:45 GMT https://community.cisco.com/t5/network-access-control/ise-config-with-mac-filtering/m-p/2816618#M40854 jj27 2016-01-21T15:18:45Z