- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2022 09:06 AM
Team,
I am looking for a very customized access for out helpdesk support team where they must be able to add a MAC address to an Identity Group on the ISE.
In turn we will configure this Identity Group to get the required level of access for stuff like PC re-imaging.
The catch here is:
1. Other then adding this MAC address absolutely no other access must be possible. Not even any other read access.
2. We want to make sure we can purge this MAC address after 2-3 days on being added.
3. The policy that we call for matching this Identity Group must kick in.(this may need a system reboot I guess)
Any suggestions?
Regards,
N!!
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
-
Wired
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2022 11:59 PM
@network_geek1979 the MyDevices Portal is built into ISE.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2022 09:45 AM
May you can try with API :
https://community.cisco.com/t5/network-access-control/rbac-for-adding-mac-address/td-p/3839918
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2022 09:50 AM
@network_geek1979 how about using a MyDevices portal, which the helpdesk users have access to. They enter the MAC address, which adds the MAC address to a specific Identity Group. You can use a purge policy to remove these MAC address from this specific Identity Group, you specify the time/date when this is run. CoA can be used to re-authorise.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2022 11:39 PM
Hi Rob, Is this my devices portal something can be configured on the ISE itself? Or is this a separate software or license we need?
Sorry, I am asking this question before doing any search. I am searching for these details in parallel.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2022 11:59 PM
@network_geek1979 the MyDevices Portal is built into ISE.
