Fairly new to ISE but have done quite a bit of reading up.
I have a problem with setting up the Alcatel Omni switch rules.
When I create a device profile for MAB for the Alcatel switches, the rule says if condition "device is part of group and matches MAB" proceed. The problem is the MAB packet by default isn't the "lookup packet" like Cisco devices.
To get around this I can create a device profile that looks for the PAP_ASCII field and it changes it to a lookup packet for MAB.
However, this then creates a problem for remote access for SSH and I can no longer log into the switch.
Does anyone know of an attribute or condition in RADIUS that would be used by MAB authentication, but would be used by a normal SSH admin session?
Wondering if I could add a condition for MAB which would be that the username contains the character ":" as the MAC address, then proceed, otherwise drop down to the RADIUS user authentication rule for logging in to the device.
You most probably have to do a tcpdump from ISE and compare SSH vs MAB scenarios using Wireshark.
The reason why you're having this issue is that you're using RADIUS for SSH access.
Don't you have a port type radius attribute for the SSH session? Like virtual or something similar? This would be a differentiator.
What I'm saying is that you should use the Device Profile Alcatel the way it works for MAB, and change the SSH auth rule to consider some extra attribute in order to differentiate requests inside Policy Set.
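The capture comparison suggested in the replies above can also be scripted. The following is an added example, not part of the original posts: it parses two RADIUS Access-Request payloads per RFC 2865 and lists the attributes that could serve as a policy condition. The two sample packets are constructed for illustration (a MAC as User-Name with NAS-Port-Type Ethernet for MAB, NAS-Port-Type Virtual for SSH) and are assumptions, not what an Alcatel switch is known to send.

```python
import struct

# RFC 2865 attribute numbers; only the ones this example decodes by name.
NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
         31: "Calling-Station-Id", 61: "NAS-Port-Type"}
INTEGER_ATTRS = {61}
IGNORED = {"User-Password"}  # obfuscated per request, never a stable condition

def build_request(ident, attrs):
    """Encode a constructed Access-Request (code 1) from (type, value) pairs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body

def parse_attrs(packet):
    """Return {attribute name: value} for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        value = packet[pos + 2:pos + a_len]
        name = NAMES.get(a_type, f"Attr-{a_type}")
        attrs[name] = int.from_bytes(value, "big") if a_type in INTEGER_ATTRS else value
        pos += a_len
    return attrs

def differentiators(req_a, req_b):
    """Attributes that are absent from one request or differ in value."""
    keys = (set(req_a) | set(req_b)) - IGNORED
    return {k: (req_a.get(k), req_b.get(k)) for k in sorted(keys)
            if req_a.get(k) != req_b.get(k)}

# Constructed samples, NOT captured from an OmniSwitch; real values may differ.
NAS_IP = bytes([192, 0, 2, 10])
MAB_REQ = build_request(1, [(1, b"00:11:22:33:44:55"), (2, bytes(16)), (4, NAS_IP),
                            (31, b"00:11:22:33:44:55"), (61, struct.pack("!I", 15))])
SSH_REQ = build_request(2, [(1, b"admin"), (2, bytes(16)), (4, NAS_IP),
                            (61, struct.pack("!I", 5))])

if __name__ == "__main__":
    for name, pair in differentiators(parse_attrs(MAB_REQ), parse_attrs(SSH_REQ)).items():
        print(f"{name}: MAB={pair[0]!r} SSH={pair[1]!r}")
```

With real traffic, feed `parse_attrs` the UDP payloads of the two Access-Requests taken from the capture; any attribute it reports other than User-Name is a candidate condition for the SSH rule in the Policy Set.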