07-12-2017 12:34 PM
Simple Q: need to provide [guest] WiFi access to devices not supporting 802.1x. Existing solution relied on pre-shared key, configured on the end points and on the WLCs. ISE does not support pre-shared key, so MAB seems to be the only solution. This opens the issue of MAC abuse by reuse. Is there a way ISE could block or alert on MAC duplicates?
07-12-2017 01:05 PM
PSK is a wireless function, not an ISE function, but you can definitely do PSK with MAC filtering in ISE. I do it all the time on my installs. Configure the SSID with a PSK and check the MAC Filtering checkbox and point to the ISE PSNs. Set up ISE to authenticate the SSID against the Internal Endpoints in ISE and allow only a predefined whitelist of MACs to connect.
07-12-2017 02:43 PM
Adding to Paul's. Cisco AireOS 8.3 has this feature -- Enabling RADIUS NAC on a WPA and WPA2-PSK WLAN
And, ISE has this Configure Anomalous Endpoint Detection and Enforcement on ISE 2.2 - Cisco
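Added example, not part of any post in this thread and not ISE's own detection logic: one way to alert on the MAC reuse raised in the question is to look for the same MAC address holding overlapping sessions on different network access devices in RADIUS accounting data. The record layout, device names and sample rows below are constructed for illustration.

```python
from datetime import datetime

# Constructed accounting records (assumed layout): MAC, NAS/AP, start, stop.
# A stop of None means the session is still open.
SAMPLE = [
    ("aa:bb:cc:00:11:22", "wlc1/ap-lobby", "2017-07-12 09:00", "2017-07-12 11:00"),
    ("AA-BB-CC-00-11-22", "wlc2/ap-annex", "2017-07-12 10:30", None),
    ("aa:bb:cc:00:33:44", "wlc1/ap-lobby", "2017-07-12 09:00", "2017-07-12 09:30"),
    ("aabb.cc00.3344",    "wlc1/ap-cafe",  "2017-07-12 09:40", "2017-07-12 10:00"),
]

def norm_mac(mac):
    """Normalise colon, dash or dotted notation to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse(ts):
    # An open session is treated as lasting until the end of time.
    return datetime.max if ts is None else datetime.strptime(ts, "%Y-%m-%d %H:%M")

def find_mac_reuse(records):
    """Return (mac, nas_a, nas_b) for sessions of one MAC that overlap
    in time on two different network access devices."""
    by_mac = {}
    for mac, nas, start, stop in records:
        by_mac.setdefault(norm_mac(mac), []).append((parse(start), parse(stop), nas))
    alerts = []
    for mac, sessions in by_mac.items():
        sessions.sort()  # ordered by start time
        for i, (_, end_a, nas_a) in enumerate(sessions):
            for start_b, _, nas_b in sessions[i + 1:]:
                if start_b >= end_a:
                    break  # later sessions start even later: no overlap
                if nas_a != nas_b:
                    alerts.append((mac, nas_a, nas_b))
    return sorted(alerts)

if __name__ == "__main__":
    for mac, nas_a, nas_b in find_mac_reuse(SAMPLE):
        print("possible MAC reuse: %s active on %s and %s" % (mac, nas_a, nas_b))
```

This only catches a cloned MAC that is online at the same time as the legitimate device; a clone used while the original is offline produces no overlap and needs attribute-based checks instead.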