Solved: Cisco ISE - Access control by MAC address

OktawianZebrowski98629 · ‎11-30-2020

Hello All
How to set CiscoISE to allow the device to enter the network, using the sposnora portal, after selecting the MAC address.

Greetings!

Oktawian

OktawianZebrowski98629 · ‎12-14-2020

Hello,

THANK YOU VERY MUCH FOR YOUR ANSWER !

Excuse me. I asked the wrong question.
I connect some controller/device to the switch, I know its MAC address and I want a specific user to be able to let this device into the network so that it will go into a separate VLAN.
Can I do this using My Devices Portal and how should I set the policies properly ?

View solution in original post

Mike.Cifelli · ‎11-30-2020

Please take a peek here: ISE Guest Access Prescriptive Deployment Guide - Cisco Community

Also, note that there are great resources on the Network Access Control home page at the top. HTH!

OktawianZebrowski98629 · ‎12-14-2020

Hello,

THANK YOU VERY MUCH FOR YOUR ANSWER !

Excuse me. I asked the wrong question.
I connect some controller/device to the switch, I know its MAC address and I want a specific user to be able to let this device into the network so that it will go into a separate VLAN.
Can I do this using My Devices Portal and how should I set the policies properly ?

Greg Gibbs · ‎12-14-2020

Restricting the MDP based on secondary attributes like AD Group membership is a bit tricky, but it can be done. See ISE Sponsor & My Devices Authorization on Secondary Attributes (LDAP) for more info.

If you're already using the MDP for another BYOD flow, you may need to create a second MDP that uses a unique Endpoint Identity Group that will be assigned to these MAC addresses so you can provide differentiated AuthZ based on that group membership.

OktawianZebrowski98629 · ‎12-15-2020

Thank you very much for your answer!

I use ISE 2.7 and I don't know in 1.3 because there are quite big differences.

In MDP I can add a device based on the MAC address, but the device status is still pending