10-17-2018 07:15 AM
Hi!
I know that MAB is not secure but at times you have to allow devices like android, amazon sticks so whats the best way or policy to give access to such devices?
Thanks
Solved! Go to Solution.
10-17-2018 07:26 AM
Depends on the customer policy, but typically customers assign Internet only access for devices that they cannot control or manage.
10-17-2018 07:29 AM
I'm not sure what the 'best' is, but I typically just write my policies so that two conditions must be met. Perhaps:
This can be difficult if you have devices that use static IPs instead. I've found, that DHCP is your friend with ISE. You could probably also use the Custom Attributes field within the endpoint properties, though I have not tried this.
Ideally, Anomalous Behavior detection would help here, but that feature seems so half baked to me, that I would never use it current state.
10-17-2018 07:26 AM
Depends on the customer policy, but typically customers assign Internet only access for devices that they cannot control or manage.
10-17-2018 12:29 PM
10-17-2018 07:29 AM
I'm not sure what the 'best' is, but I typically just write my policies so that two conditions must be met. Perhaps:
This can be difficult if you have devices that use static IPs instead. I've found, that DHCP is your friend with ISE. You could probably also use the Custom Attributes field within the endpoint properties, though I have not tried this.
Ideally, Anomalous Behavior detection would help here, but that feature seems so half baked to me, that I would never use it current state.
10-17-2018 12:29 PM
10-17-2018 12:40 PM
10-18-2018 12:46 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide