Solved: Cisco ISE 1.3 - Mab authentication with different vlan for each foor

Augustgood · ‎08-17-2015

Hi,

A customer wants to implement MAB authentication with different vlan for every floor. I found a tedius solution,

i configure the following:

- different authentication profile with different vlan.

- add endpoint (printer etc) on identity endpoint.

- create identity group endpoint that recall endpoint.

- at the end i create a rule of authorizzation that recall all element .... and Work.

You know if there is a faster way to or another way to solve the problem ?

thanks all

jan.nielsen · ‎08-17-2015

Well, mab in some environments, could be replaced by profiling, and for the rules, instead af having an authz rule for each floor, you could name your vlans in your switches the same name for "Printers", everywhere, then you would only need one authz rule, where you use the name of the vlan instead of the id number, then it doesn't matter where that printer is located, it will end up in the "Printer" vlan, whatever that might be in that specific switch.

View solution in original post

jan.nielsen · ‎08-17-2015

Well, mab in some environments, could be replaced by profiling, and for the rules, instead af having an authz rule for each floor, you could name your vlans in your switches the same name for "Printers", everywhere, then you would only need one authz rule, where you use the name of the vlan instead of the id number, then it doesn't matter where that printer is located, it will end up in the "Printer" vlan, whatever that might be in that specific switch.