Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
675
Views
0
Helpful
1
Replies

Cisco ISE - Authentication & Authorization

mkouame17
Level 1
Level 1

‎06-26-2018 09:06 PM - edited ‎02-21-2020 10:59 AM

Dear Guys,

 

I would like to know whether it is possible to do authentication based on the mac address of the endpoint, the endpoint(PC) should be on the AD store and the the login/password of the user coming from the AD store.

En resume, authenticate the endpoint(PC) and the user. The MAC address of the endpoint should be on the local store and the enpdoint and the user should register in the AD.

 

The rule should be :

USER => MAC_address + AD1:USER_DOMAIN then PROFILE2 

COMPUTER => MAC_address + AD1:COMPUTER_DOMAIN then PROFILE1

OR 

USER => MAC_address + AD1:USER_DOMAIN then PROFILE2

COMPUTER => AD1:COMPUTER_DOMAIN  then  PROFILE1

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎06-26-2018 11:19 PM

Best Approach is :

 

ISE is the First place to authentication :

1. based on MAB or DOT1X  - this need Switch side configuration with ISE

2. you can use Certificate authentication if you want over WIFI also.

 

Once Above process then, User in the network.

Now the PC can login to Domain using AD Authentication to join the domain.

 

is this make sense ?

BB

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents