Solved: Re: Any good idea to collect MAC address?

JustTakeTheFirstStep · ‎06-25-2022

We are reviewing an ISE deployment.

ISE is trying to authenticate a user with a MAC address.

There is no DB server like Active Directory here.

Collecting the MAC addresses of numerous users is cumbersome.

Any good ideas?

Marcelo Morais · ‎06-27-2022

Hi @JustTakeTheFirstStep ,

at Policy > Policy Set > create a:

Policy Set Name: Wired-MAB
Condition: Wired_MAB

the Authentication Policy:

Rule Name: MAB
Condition: Wired_MAB
Use: Internal Endpoints
Options: If Auth Fail = Continue

the Authorization Policy:

Rule Name: OpenAccess
Condition: Wired_MAB
Result: PermitAccess

at this point, any MAB Request will be accepted.

At Operations > Reports > Reports > Endpoint and Users > RADIUS Authentication > click the Export To = Repository (CSV) to generate a report ... get ALL the MACs looking at the Endpoint ID column.

Hope this helps !!!

View solution in original post

ahollifield · ‎06-27-2022

What is your use-case? What exactly are you trying to do?

https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356

Marcelo Morais · ‎06-27-2022