Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
924
Views
1
Helpful
2
Replies

profiled endpoint group based on location

Go to solution
barawlin
Cisco Employee
Cisco Employee

‎07-05-2017 09:28 AM

Is it possible to place a profiled endpoint into a group based on where it was learned?

For example, if a Printer was seen and profiled when attached to switch X, place it in the "Known Printers" endpoint group, which an Authorization Policy can reference. This will prevent just *any* printer from being allowed on the network via MAB if the Authentication Policy only references "internal endpoints" and there is no catch-all Authorization Policy to deny access.

1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎07-05-2017 09:40 AM

Yes, you could use RADIUS:NASID to identify the switch you initially connected to then use profiling exception action to statically assign it to an endpoint group.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
howon
Cisco Employee
Cisco Employee

‎07-05-2017 09:40 AM

Yes, you could use RADIUS:NASID to identify the switch you initially connected to then use profiling exception action to statically assign it to an endpoint group.

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10

‎07-06-2017 06:33 AM

For groups of NADs, recommend assign them to NDG.  You can then use NDG in Profile Condition.

0 Helpful
Customers Also Viewed These Support Documents