Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6783
Views
11
Helpful
8
Replies

ISE and MAB for printers

Go to solution
Ilnur.Garipov
Level 1
Level 1

‎04-09-2018 12:19 AM - edited ‎02-21-2020 10:53 AM

Hi, everyone!

Has anyone set up MAB for ise-2.3 for printers, having a list of the mac-addresses of these printers?

Please tell me how to do it.

Thanks!

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to Ilnur.Garipov

‎04-09-2018 04:02 AM

There is a precreated condition for non-cisco phones

View solution in original post

8 Replies 8

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎04-09-2018 12:43 AM

What are you looking for exactly?
0 Helpful

Go to solution
Ilnur.Garipov
Level 1
Level 1
In response to Mohammed al Baqari

‎04-09-2018 12:58 AM

There are domain PCs, IP telephones and printers in my network. So, I know how to set up dot1x for domain PCs, but I don’t know how to configure MAB for printers and ip telephones so that domain users can print and make calls.

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to Ilnur.Garipov

‎04-09-2018 01:06 AM

that's pretty straight forward. Enable 'mab' under the interfaces. Then in
ISE configure authorization policy to match Wired_MAB _ Cisco IP Phones and
grant it access in the result.

For printers you have two options:

1. Let them connect for 1st time get profiled and if you use standard
vendor then you can add authorization policy to match the vendor profile
and allow acess
2. Option 2 is to create end point identity group and add the mac addresses
statically to it. Then create authorization policy to match this group and
grant access

Go to solution
Ilnur.Garipov
Level 1
Level 1
In response to Mohammed al Baqari

‎04-09-2018 03:40 AM

Thank you for your advice! 

If I have non-cisco phone the second option will be work for this devices?

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to Ilnur.Garipov

‎04-09-2018 04:02 AM

There is a precreated condition for non-cisco phones

Go to solution
johnywalker
Level 1
Level 1
In response to Mohammed al Baqari

‎10-23-2018 01:45 AM

I have a doubt here.

 

Is there any other options available to do authorization of printer which don't have any domain credentials ? other than mab and profile attributes ? combination of mab + serial number + and other for authorization ?

Is it possible to do a posture assessment for printer to check the firmware version ?

Is it possible to do a posture assessment for machine which running with AIX operating system ?

 

0 Helpful

Go to solution
fiza258
Level 1
Level 1
In response to Mohammed al Baqari

‎08-24-2022 10:47 AM

Hi

I have a question to do the second option, it's only necessary to have an Essential License for each device?

Regards, 

Fabian Iza

0 Helpful

Go to solution
Arne Bier
VIP
VIP

‎08-24-2022 01:06 PM

“Posture assessment” on printers would not be the same as posture assessment on operating systems such as Windows/Mac etc because we cannot execute code on those devices. But you can profile a printer and I think SNMP might provide the answer. Profiled authorisations will consume 1 Advantage license. 

0 Helpful
Customers Also Viewed These Support Documents