08-29-2017 01:35 PM
I am trying to create a profile rule so separate shop floor computers from office computers. They are in different AD groups by host name but I don't have the MAC in AD. Is there a way to profile them using an AD group without the MAC address?
Solved! Go to Solution.
08-29-2017 01:59 PM
Admin/Identity Management/External identity Sources.
Select your AD and there should be a groups tab. Pull in your 2 AD groups and they should then be usable in conditions.
08-29-2017 01:46 PM
I use host names to verify if they are on or off domain, so you should be able to do it.
Just use <AD>:ExternalGroups in your rules. Make sure you pull the groups in to ISE from your AD.
08-29-2017 01:56 PM
OK, I think I am not defining my group correctly. Thanks for the input.
08-29-2017 01:59 PM
Admin/Identity Management/External identity Sources.
Select your AD and there should be a groups tab. Pull in your 2 AD groups and they should then be usable in conditions.
08-29-2017 08:42 PM
What Dustin suggested would work if performing DOT1X with computer identities.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide