05-23-2019 03:08 PM - edited 02-21-2020 11:05 AM
Hi,
Looking out there to see if anyone has used the RADIUS attribute nas-port-id in an authorization policy to lock down switch port access to specific devices. We deployed a few Cisco 12-port 3560-CX switches in our conference rooms and have integrated them with our ISE 2.4 RADIUS servers. Here's an example of what I'm thinking of implementing.
if device is in external group <AD group name>, and
if nas-port-id is within range gigabitethernet0/1 through gigabitethernet0/10
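
The two conditions described in the question, as an added example that is not part of the original post or of any ISE configuration: a Python sketch that evaluates group membership plus the nas-port-id range, and shows why a starts-with test on the first port name is too loose on a 12-port switch. The group name `ConfRoom-Devices`, the request dictionary layout and the sample values are constructed; it assumes the switch sends the interface name (for example `GigabitEthernet0/1`) as NAS-Port-Id.

```python
import re

# Hypothetical placeholder standing in for <AD group name> from the post.
ALLOWED_GROUP = "ConfRoom-Devices"

# Regex form of the same range, usable where a policy condition supports
# full-string regex matching (assumption): ports 0/1 through 0/10 only.
PORT_RANGE_PATTERN = r"GigabitEthernet0/([1-9]|10)"


def parse_port(nas_port_id):
    """Return (module, port) from an interface-style NAS-Port-Id, else None."""
    m = re.fullmatch(r"GigabitEthernet(\d+)/(\d+)", nas_port_id.strip(),
                     re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None


def port_in_range(nas_port_id, module=0, first=1, last=10):
    """Numeric comparison, so 0/11 and 0/12 are never confused with 0/1."""
    parsed = parse_port(nas_port_id)
    return parsed is not None and parsed[0] == module and first <= parsed[1] <= last


def regex_in_range(nas_port_id):
    """Same decision using the anchored pattern above."""
    return re.fullmatch(PORT_RANGE_PATTERN, nas_port_id.strip(),
                        re.IGNORECASE) is not None


def naive_prefix_match(nas_port_id):
    """The loose form to avoid: also accepts 0/11, 0/12 and anything longer."""
    return nas_port_id.lower().startswith("gigabitethernet0/1")


def authorize(request):
    """Permit only when BOTH conditions from the post hold."""
    return (ALLOWED_GROUP in request.get("groups", ())
            and port_in_range(request.get("NAS-Port-Id", "")))


# Constructed sample requests (not captured traffic).
SAMPLES = [
    {"NAS-Port-Id": "GigabitEthernet0/3", "groups": ["ConfRoom-Devices"]},
    {"NAS-Port-Id": "GigabitEthernet0/11", "groups": ["ConfRoom-Devices"]},
    {"NAS-Port-Id": "GigabitEthernet0/3", "groups": ["Domain Users"]},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req["NAS-Port-Id"], req["groups"], "->",
              "permit" if authorize(req) else "no match")
```

A request that fails either condition should fall through to a more restrictive rule rather than a permissive default.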
05-24-2019 06:45 AM
I have done NAS port ID before as well. You can also create a specific location or device type for these conference room switches to tie that into the rule as well.
One other thought that works well is this:
05-23-2019 06:38 PM