Cisco Employee

profiled endpoint group based on location

Is it possible to place a profiled endpoint into a group based on where it was learned?

For example, if a Printer was seen and profiled when attached to switch X, place it in the "Known Printers" endpoint group, which an Authorization Policy can reference. This will prevent just *any* printer from being allowed on the network via MAB if the Authentication Policy only references "internal endpoints" and there is no catch-all Authorization Policy to deny access.

Accepted Solutions
Cisco Employee

Re: profiled endpoint group based on location

Yes, you could use RADIUS:NASID to identify the switch you initially connected to, then use a profiling exception action to statically assign it to an endpoint group.

Advocate

Re: profiled endpoint group based on location

For groups of NADs, I recommend assigning them to an NDG. You can then use the NDG in a Profile Condition.