Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
2
Helpful
1
Replies

Automatic delete MAC from group Cisco ISE 2.7

Go to solution
DariuszD
Level 1
Level 1

‎10-27-2023 02:50 AM

Hello, everyone

I use Cisco ISE 2.7 in my infrastructure. I would like to ask you whether it is possible to add the mac addresses of devices to MAB Groups and to add a time parameter after which such a MAC should be automatically deleted.

For example:

I add the mac address of a PC which has to be in a group only today. After e.g. 8h, the ISE automatically deletes the MAC from the respective MAB group and this PC is treated as a guest PC.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎10-27-2023 09:07 AM

You could do this a couple of ways. If you're using the guest registration and guest portal function in ISE you can set time limits the account is valid for. 

You could also use the ISE endpoint purge policies to remove mac addresses from the identity group and ISE but this is a daily scheduled job. It can use elapsed days as a check for this use case. 

View solution in original post

1 Reply 1

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎10-27-2023 09:07 AM

You could do this a couple of ways. If you're using the guest registration and guest portal function in ISE you can set time limits the account is valid for. 

You could also use the ISE endpoint purge policies to remove mac addresses from the identity group and ISE but this is a daily scheduled job. It can use elapsed days as a check for this use case. 

Customers Also Viewed These Support Documents