https://community.cisco.com/t5/network-access-control/ise-profiling-mac-address-spoofing/m-p/3528494#M540950 <HTML><HEAD></HEAD><BODY><P>Nadeem, I suggest limiting access using VLAN or ACL for AP access. The ACL can be crafted to allow for APs to join the controller, which at minimum would include DHCP, DNS, and GRE to the controller.</P><P></P><P>Hosuk</P></BODY></HTML> Mon, 08 Feb 2016 17:53:14 GMT howon 2016-02-08T17:53:14Z https://community.cisco.com/t5/network-access-control/ise-profiling-mac-address-spoofing/m-p/3528493#M540944 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-family: Calibri, sans-serif; font-size: 14px;">Hi Experts,<BR /></SPAN></P><P><SPAN style="font-family: Calibri, sans-serif; font-size: 14px;"><BR /></SPAN></P><P><SPAN style="font-family: Calibri, sans-serif; font-size: 14px;">My Customer has Profiling enabled on the Prod ISE deployment and are correctly profiling Aruba AP's using MAB not Dot1x as the auth method.</SPAN></P><P><SPAN style="font-family: Calibri, sans-serif; font-size: 14px;">Customer is concerned that if the MAC address of the AP's spoofed would it be used on any device linux/windows etc to gain access to the network.</SPAN></P><P><SPAN style="font-family: Calibri, sans-serif; font-size: 14px;">The probes that they have currently setup are DHCP,Radius.<BR /></SPAN></P><P>Is there a way to avoid MAC Address Spoofing in the above scenario?</P><P></P><P>Thanks</P><P></P><P></P><P>Nadeem</P></BODY></HTML> Mon, 08 Feb 2016 17:43:33 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-mac-address-spoofing/m-p/3528493#M540944 nadeekha 2016-02-08T17:43:33Z https://community.cisco.com/t5/network-access-control/ise-profiling-mac-address-spoofing/m-p/3528494#M540950 <HTML><HEAD></HEAD><BODY><P>Nadeem, I suggest limiting access using VLAN or ACL for AP access. The ACL can be crafted to allow for APs to join the controller, which at minimum would include DHCP, DNS, and GRE to the controller.</P><P></P><P>Hosuk</P></BODY></HTML> Mon, 08 Feb 2016 17:53:14 GMT https://community.cisco.com/t5/network-access-control/ise-profiling-mac-address-spoofing/m-p/3528494#M540950 howon 2016-02-08T17:53:14Z