09-10-2021 03:19 AM
Hi,
I want to perform authentication on a new SSID based on the MAC address of the device and then give access to the user based on the policy that i have create on Cisco ISE.
Can you please tell me if i can perform such a solution and how i can do it on ISE;
Ι have already create the new SSID with the Mac Filtering enabled.
Thank you.
09-10-2021 06:30 AM
Since MAC address doesn't provide user identity behind the device there needs to be a way to tie the MAC to a user to be able to assign policy based on the user. This can be done with WebAuth with device registration where upon logging in to a portal page, the MAC address of the client device is added to a certain endpoint group. Then policy can be applied to the endpoint group.
09-10-2021 12:58 PM
Thank you howon for your solution. Because they do not want the WebAuth from my company for these users, i will try to do it by enabling the Mac Address filtering into the SSID. Then i will create the binding between the Mac Address and an IP from the Vlan for which i have already create a policy to ISE. Finally i will use the Identity Awareness on my firewall in order to permit specific users.
So at the end i suppose that through this way i will manage to control both a limited number of mac address and a limited number of users.
Do you think that this solution will work;
09-12-2021 07:24 AM
Hi ;
i performed authentication into wireless using both ( mac address + dot1x ) it's work as well, for this you need to create
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide