https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3789207#M486094 It is being validated against a condition in an authorization rule. Any machine with AntConnect has a UID which is randomly generated. In my opinion it is reliable.<BR /> Mon, 28 Jan 2019 08:45:20 GMT rhobab 2019-01-28T08:45:20Z https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3784176#M486061 <P>We currently are validating the computers that access the network by the uid in the cisco-av-pair. For this we have conditions to validate the uid. While this worked fine with a few computers connecting via AnyConnect the amount of machines has increased greatly and the conditions have become unmanageable.&nbsp;</P> <P>&nbsp;</P> <P>We have been looking for a way to validate the uid against a database at the time of authentication / authorization. We would insert the known uids into a database. The idea being to authenticate the user against the Active Directory and validate the uid against the database at the time of connection.&nbsp;</P> <P>&nbsp;</P> <P>Does anyone know of a way to do this?</P> <P>Thanks</P> <P>Victor</P> Mon, 21 Jan 2019 11:27:10 GMT https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3784176#M486061 rhobab 2019-01-21T11:27:10Z https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3785548#M486064 <P>Remote access or 802.1X ?</P> Tue, 22 Jan 2019 22:24:09 GMT https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3785548#M486064 Peter Koltl 2019-01-22T22:24:09Z https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3785574#M486067 <P>Remote access.&nbsp;</P> Tue, 22 Jan 2019 23:03:07 GMT https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3785574#M486067 rhobab 2019-01-22T23:03:07Z https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3786388#M486074 When you said “We currently are validating the computers that access the network by the uid in the cisco-av-pair”, May I know where this UID is configured and how you are validating it on the ISE ? perhaps a screenshot would help to understand your current setup better before providing any suggestions.<BR /> Wed, 23 Jan 2019 20:54:18 GMT https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3786388#M486074 Surendra 2019-01-23T20:54:18Z https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3787167#M486079 As far as I know the uid is automatically generated when you install AnyConnect on the computer. It appears in the ISE logs as mdm-tlv-device-uid.<BR /><BR />[cid:image002.png@01D4B3DD.ED261FB0]<BR /> Thu, 24 Jan 2019 12:08:57 GMT https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3787167#M486079 rhobab 2019-01-24T12:08:57Z https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3787522#M486085 If the UID is generated when you install AnyConnect on a machine, may i know what are you validating it against? Wouldn't any machine with AnyConnect have a UID in that case and kind of unreliable? Thu, 24 Jan 2019 19:21:31 GMT https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3787522#M486085 Surendra 2019-01-24T19:21:31Z https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3789207#M486094 It is being validated against a condition in an authorization rule. Any machine with AntConnect has a UID which is randomly generated. In my opinion it is reliable.<BR /> Mon, 28 Jan 2019 08:45:20 GMT https://community.cisco.com/t5/network-access-control/use-cisco-av-pair-with-database-query/m-p/3789207#M486094 rhobab 2019-01-28T08:45:20Z