12-02-2013 08:16 AM - edited 03-10-2019 09:08 PM
Hi,
I am just wondering how a company can live with ISE 1.2 configured with MAB and a whitelist.
The scenario is that a company hires an IT provider to run and manage the ISE setup.
So the company itself will not be able to access the ISE for administration. What they can do is manage the AD that ISE integrates with.
So how is it possible for the company to maintain a MAC whitelist within the AD, externally to the ISE, so that the company can add new MACs themselves without intervention from the IT provider?
I see in the guides that LDAP does "MAC Address Lookup", but can't an AD do the same?
Or what is the difference between the two?
Also, any ideas from the real world on how to differentiate access and support "Segregation of Duties" when it comes to roles as grouping etc. with ISE?
Regards
Martin
05-19-2014 01:09 AM
Refer to:
http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/trustsec/whitepaper_C11-717280.html
05-20-2014 07:32 AM
Well, you can have an OU specified in the AD for admin PCs, and all computers in the Admin OU will have full access. So you manage the access to ISE this way also.
********Do rate helpful posts**************