https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712346#M507405 <P>So, I've been looking and have not found anything specific.</P> <P>&nbsp;</P> <P>So, they are trying to add devices into AD using&nbsp;<SPAN>ieee802Device. Now, what I can't find other than mentions of this is if ISE can validate by these.</SPAN></P> <P>&nbsp;</P> <P><SPAN>They set up a group I pulled into ISE, and added a device into the group. It fails with auth failed.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Can this be done, or does the device have to be a user account and not the&nbsp;ieee802Device?</SPAN></P> Mon, 24 Sep 2018 18:35:20 GMT Dustin Anderson 2018-09-24T18:35:20Z https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712346#M507405 <P>So, I've been looking and have not found anything specific.</P> <P>&nbsp;</P> <P>So, they are trying to add devices into AD using&nbsp;<SPAN>ieee802Device. Now, what I can't find other than mentions of this is if ISE can validate by these.</SPAN></P> <P>&nbsp;</P> <P><SPAN>They set up a group I pulled into ISE, and added a device into the group. It fails with auth failed.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Can this be done, or does the device have to be a user account and not the&nbsp;ieee802Device?</SPAN></P> Mon, 24 Sep 2018 18:35:20 GMT https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712346#M507405 Dustin Anderson 2018-09-24T18:35:20Z https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712430#M507409 <P>Could you clarify your question again ?</P> <P>Do you want to authenticate MAB endpoints via AD on ISE ?</P> <P>I have a customer who is doing this using LDAP and placing different endpoints (profiles) in different OU on AD</P> Mon, 24 Sep 2018 20:09:25 GMT https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712430#M507409 umahar 2018-09-24T20:09:25Z https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712868#M507411 <P>We want to use AD and assign vlans based on groups. APs, thermal printers, laser printers etc.</P> <P>&nbsp;</P> <P>I think the issue is they want to use the new Devices instead of user accounts, and I don't think ISE supports this way?</P> Tue, 25 Sep 2018 14:33:44 GMT https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712868#M507411 Dustin Anderson 2018-09-25T14:33:44Z https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712875#M507415 <P>If I understand correctly you want to whitelist MAB devices on AD instead of ISE itself.</P> <P>Not very common but can be achieved.&nbsp;</P> Tue, 25 Sep 2018 14:44:27 GMT https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712875#M507415 umahar 2018-09-25T14:44:27Z https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712885#M507417 Something like this?<BR /><BR />I googled mab ise ldap<BR /><BR /><A href="https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/trustsec/whitepaper_C11-717280.html" target="_blank">https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/trustsec/whitepaper_C11-717280.html</A><BR /><BR /> Tue, 25 Sep 2018 15:04:44 GMT https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712885#M507417 Jason Kunst 2018-09-25T15:04:44Z https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712981#M507419 <P>The reason they don't want to do ISE profiling is we really don't trust it to profile correctly. Right now the AP next to me is profiling as a Cisco Switch. They also would like to not have to buy 3000+ licenses for all these printers.</P> <P>&nbsp;</P> <P>Jason, we tried that, and I guess i'm not sure if the failure is on ISE, or theme not setting up AD correctly for what we are doing.&nbsp;</P> Tue, 25 Sep 2018 17:01:17 GMT https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3712981#M507419 Dustin Anderson 2018-09-25T17:01:17Z https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3714297#M507421 <P>Yes.</P> <P>Each group then can whitelist their owned devices on AD using their credentials to get them into the network.</P> Thu, 27 Sep 2018 13:28:48 GMT https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3714297#M507421 umahar 2018-09-27T13:28:48Z https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3714379#M507423 Troubleshoot with TAC then? Thu, 27 Sep 2018 15:01:04 GMT https://community.cisco.com/t5/network-access-control/mab-ise-and-ad/m-p/3714379#M507423 Jason Kunst 2018-09-27T15:01:04Z