10-17-2018 07:15 AM
Hi!
I know that MAB is not secure but at times you have to allow devices like android, amazon sticks so whats the best way or policy to give access to such devices?
Thanks
Solved! Go to Solution.
10-17-2018 07:26 AM
Depends on the customer policy, but typically customers assign Internet only access for devices that they cannot control or manage.
10-17-2018 07:29 AM
I'm not sure what the 'best' is, but I typically just write my policies so that two conditions must be met. Perhaps:
This can be difficult if you have devices that use static IPs instead. I've found, that DHCP is your friend with ISE. You could probably also use the Custom Attributes field within the endpoint properties, though I have not tried this.
Ideally, Anomalous Behavior detection would help here, but that feature seems so half baked to me, that I would never use it current state.
10-17-2018 07:26 AM
Depends on the customer policy, but typically customers assign Internet only access for devices that they cannot control or manage.
10-17-2018 12:29 PM
10-17-2018 07:29 AM
I'm not sure what the 'best' is, but I typically just write my policies so that two conditions must be met. Perhaps:
This can be difficult if you have devices that use static IPs instead. I've found, that DHCP is your friend with ISE. You could probably also use the Custom Attributes field within the endpoint properties, though I have not tried this.
Ideally, Anomalous Behavior detection would help here, but that feature seems so half baked to me, that I would never use it current state.
10-17-2018 12:29 PM
10-17-2018 12:40 PM
10-18-2018 12:46 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: