
Cisco ISE AAA Policy

hanguye3
Cisco Employee

Hi team,

 

Our customer is asking us for an AAA policy as below: only "domain user + MAC address" can access their internal network.

Can ISE support a combined condition like that? We are using ISE 2.4 Patch 8.

Your quick support is highly appreciated. Thanks in advance.

 

Br,

hainm

 

 

1 Reply

jj27
Spotlight

Yes, if they are doing 802.1x to authenticate the domain user, you can check AD group membership and also in the same policy require the endpoint MAC address to be defined or part of a group.


Example AuthZ policy: If AD Group = Domain Users AND Endpoint Identity Group = Whitelist (or whatever you want to call it) then permit access.
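The combined condition from the reply above, modelled in Python to show which sessions it permits. This is an added example, not part of the original thread and not ISE code or an ISE API; the session field names, the sample MAC addresses and the default-deny fallback are assumptions.

```python
import re

# Constructed sample data: the group name "Whitelist" and the AD group
# "Domain Users" come from the reply; the MAC addresses are made up.
WHITELIST_GROUP = {"00:11:22:AA:BB:CC", "00:11:22:AA:BB:DD"}

def normalize_mac(raw):
    """Canonicalize a MAC (any common separator style) to AA:BB:CC:DD:EE:FF."""
    digits = re.sub(r"[-:.]", "", raw.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def authorize(session):
    """Return 'PermitAccess' or 'DenyAccess' for one session dict.

    Assumed fields: auth_method, ad_groups, calling_station_id (the
    endpoint MAC as reported by the switch or wireless controller).
    """
    try:
        mac = normalize_mac(session.get("calling_station_id", ""))
    except ValueError:
        return "DenyAccess"
    is_domain_user = (session.get("auth_method") == "802.1X"
                      and "Domain Users" in session.get("ad_groups", ()))
    in_whitelist = mac in WHITELIST_GROUP
    # Both conditions live in the same rule and are joined by AND.
    if is_domain_user and in_whitelist:
        return "PermitAccess"
    return "DenyAccess"  # assumed default rule: nothing matched

# Constructed sessions covering each combination of the two conditions.
SAMPLES = [
    {"auth_method": "802.1X", "ad_groups": ["Domain Users"],
     "calling_station_id": "00-11-22-aa-bb-cc"},   # user ok, MAC listed
    {"auth_method": "802.1X", "ad_groups": ["Domain Users"],
     "calling_station_id": "0011.22aa.bbee"},      # user ok, MAC not listed
    {"auth_method": "MAB", "ad_groups": [],
     "calling_station_id": "00:11:22:AA:BB:DD"},   # MAC listed, no user auth
    {"auth_method": "802.1X", "ad_groups": ["Contractors"],
     "calling_station_id": "00:11:22:AA:BB:CC"},   # MAC listed, wrong group
]

def evaluate_samples():
    return [authorize(s) for s in SAMPLES]

if __name__ == "__main__":
    for s, result in zip(SAMPLES, evaluate_samples()):
        print(s["auth_method"], s["calling_station_id"], "->", result)
```

Only the first session is permitted; a listed MAC without 802.1X user authentication, or a domain user on an unlisted endpoint, falls through to the deny result.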