cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
599
Views
0
Helpful
2
Replies

ISE 1.2 - External database to use as MAC whitelist ?

mbilgrav
Level 3
Level 3

Hi,

I am just wondering, how can a company can live with ISE 1.2 configured with MAB, and whitelist.

Senarios is a company hires a IT provider to run and manage the ISE setup.

so the company itselfs, will not be able to access the ISE for administration. What they can do is manage the AD that ISE integrates to.

So how is it possible, for the company, to maintain a MAC white-list within the AD, externally to the ISE, so that the company can add new MAC's themselfs without intervention from the IT Provider ?

I see in the guides that LDAP does "MAC Address Lookup" but cant an AD do the same ?

Or what is the difference between the two.

Also any ideas from the real world on how to differentiate access and support "Segregation of Duties" when it comes to roles as grouping etc with ISE

regards

Martin

2 Replies 2

Saurav Lodh
Level 7
Level 7

refer

http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/trustsec/whitepaper_C11-717280.html

kaaftab
Level 4
Level 4

well you can have a OU specified in the AD for admin PC and all computers in the Admin OU will have full access.so you have mange the access to ISE this way also.

 

********Do rate helpful posts**************