09-12-2014 07:23 AM - edited 03-10-2019 10:01 PM
Hello, I would like to create a condition that would force MAB'd clients to hit a certain policy set if their MAC address matches one in an endpoint identity group? Is this possible? I feel like a condition can be created using a combination of attributes, but I cannot seem to hit on it properly. Thanks.
09-15-2014 02:44 PM
Sorry to bring the bad news but that is not possible. You cannot use the "endpoint group" as an attribute when creating an "authentication" condition.
What exactly are you trying to accomplish? Give us some more details and perhaps there is a different solution for you.
Thank you for rating helpful posts!
09-16-2014 07:10 AM
Thanks. I have the basic wired/wireless policy sets, but would like a more detailed level of policy sets for some of my lab machines that need individual DACLs. I dont want to saturate my policy with DACLs. So I would like MAB'd users to enter the Lab Machine Policy Set if they fall in a certain endpoint identity group.
09-16-2014 05:39 PM
The cleanest way to to this would be to dedicate:
1. (Wired) A test switch where all of your test devices are connecting. You can then build a policy set that matches against that NAS.
2. (Wireless) A test SSID and/or a controller (virtual or 2504). You can then build a policy set that is dedicated to that SSID
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide