09-14-2022 09:06 AM
Team,
I am looking for a very customized access for out helpdesk support team where they must be able to add a MAC address to an Identity Group on the ISE.
In turn we will configure this Identity Group to get the required level of access for stuff like PC re-imaging.
The catch here is:
1. Other then adding this MAC address absolutely no other access must be possible. Not even any other read access.
2. We want to make sure we can purge this MAC address after 2-3 days on being added.
3. The policy that we call for matching this Identity Group must kick in.(this may need a system reboot I guess)
Any suggestions?
Regards,
N!!
Solved! Go to Solution.
09-14-2022 11:59 PM
@network_geek1979 the MyDevices Portal is built into ISE.
09-14-2022 09:45 AM
May you can try with API :
https://community.cisco.com/t5/network-access-control/rbac-for-adding-mac-address/td-p/3839918
09-14-2022 09:50 AM
@network_geek1979 how about using a MyDevices portal, which the helpdesk users have access to. They enter the MAC address, which adds the MAC address to a specific Identity Group. You can use a purge policy to remove these MAC address from this specific Identity Group, you specify the time/date when this is run. CoA can be used to re-authorise.
09-14-2022 11:39 PM
Hi Rob, Is this my devices portal something can be configured on the ISE itself? Or is this a separate software or license we need?
Sorry, I am asking this question before doing any search. I am searching for these details in parallel.
09-14-2022 11:59 PM
@network_geek1979 the MyDevices Portal is built into ISE.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide