11-30-2020 05:32 AM
Hello All
How to set CiscoISE to allow the device to enter the network, using the sposnora portal, after selecting the MAC address.
Greetings!
Oktawian
Solved! Go to Solution.
12-14-2020 04:03 AM
Hello,
THANK YOU VERY MUCH FOR YOUR ANSWER !
Excuse me. I asked the wrong question.
I connect some controller/device to the switch, I know its MAC address and I want a specific user to be able to let this device into the network so that it will go into a separate VLAN.
Can I do this using My Devices Portal and how should I set the policies properly ?
11-30-2020 05:42 AM
Please take a peek here: ISE Guest Access Prescriptive Deployment Guide - Cisco Community
Also, note that there are great resources on the Network Access Control home page at the top. HTH!
12-14-2020 04:03 AM
Hello,
THANK YOU VERY MUCH FOR YOUR ANSWER !
Excuse me. I asked the wrong question.
I connect some controller/device to the switch, I know its MAC address and I want a specific user to be able to let this device into the network so that it will go into a separate VLAN.
Can I do this using My Devices Portal and how should I set the policies properly ?
12-14-2020 02:05 PM
Restricting the MDP based on secondary attributes like AD Group membership is a bit tricky, but it can be done. See ISE Sponsor & My Devices Authorization on Secondary Attributes (LDAP) for more info.
If you're already using the MDP for another BYOD flow, you may need to create a second MDP that uses a unique Endpoint Identity Group that will be assigned to these MAC addresses so you can provide differentiated AuthZ based on that group membership.
12-15-2020 01:28 AM
Thank you very much for your answer!
I use ISE 2.7 and I don't know in 1.3 because there are quite big differences.
In MDP I can add a device based on the MAC address, but the device status is still pending
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide