Solved: Authenticate Ubuntu with ISE 2.4

Reuven Elkabetz · ‎08-08-2019

Hi , I would like to authenticate Ubuntu WS with Dot1x and I successfully did with with Identities. I configure the WS under identities and configure under AD the WS as computer account. a member of this computer account is another AD group that assign special VLAN under policy-set table. This working fine. I would like to add under policy set a variable of operating system type that will verify if it is Ubuntu or Windows and allow it to connect. Any idea how I can do it or where I can find document regarding it? Thanks, Reuven

Charlie Moreton · ‎08-08-2019

Start here: https://community.cisco.com/t5/security-documents/ise-community-resources/ta-p/3621621#Visibility

It sounds like you want to Profile the Ubuntu machines and allow certain Authorizations based upon the profiled machine type.

You'll need Plus licenses for this.

View solution in original post

Charlie Moreton · ‎08-08-2019

Start here: https://community.cisco.com/t5/security-documents/ise-community-resources/ta-p/3621621#Visibility

It sounds like you want to Profile the Ubuntu machines and allow certain Authorizations based upon the profiled machine type.

You'll need Plus licenses for this.

Mike.Cifelli · ‎08-08-2019

As @Charlie Moreton stated you can do so via profiling endpoints based on your device sensors (NADs). Just note that if you decide to use profiled groups as an authz condition to push policy you will need ISE Plus licenses on top of your ISE Base licenses. Essentially if you push policy to an endpoint based on a profiled group one endpoint would consume one base and one plus license. Another option you could play with is using any of the following conditions:

EndPoints:OperatingSystem Equals XXXX

SessionDevice-OS Equals XXXX

Good luck & HTH!