I am looking for a very customized access for out helpdesk support team where they must be able to add a MAC address to an Identity Group on the ISE.
In turn we will configure this Identity Group to get the required level of access for stuff like PC re-imaging.
The catch here is: 1. Other then adding this MAC address absolutely no other access must be possible. Not even any other read access. 2. We want to make sure we can purge this MAC address after 2-3 days on being added. 3. The policy that we call for matching this Identity Group must kick in.(this may need a system reboot I guess)
@network_geek1979 how about using a MyDevices portal, which the helpdesk users have access to. They enter the MAC address, which adds the MAC address to a specific Identity Group. You can use a purge policy to remove these MAC address from this specific Identity Group, you specify the time/date when this is run. CoA can be used to re-authorise.
Hi Rob, Is this my devices portal something can be configured on the ISE itself? Or is this a separate software or license we need? Sorry, I am asking this question before doing any search. I am searching for these details in parallel.
