11-21-2019 12:35 PM
Hello,
If I want to use MAB on a bunch of devices from the same manufacturer that can't do 802.1x, can I create just a single MAB policy and have all the devices hit that policy, or will I have to enter every actual MAC address for each device?
Thanks in advance!
11-21-2019 12:56 PM
As long as the manufacturer has the same OUI (first 6 characters of the MAC address) then you can accomplish it with one policy. Your condition would be Radius:Calling-Station-ID starts with <first 6 characters>, example: 00-12-34 or 00:12:34 depending on how your accounting is configured.
You can also accomplish it by creating a profiling policy with the same condition or a condition to match the OUI by name (as seen in Context Visibility) then using the condition in your authorization policy Endpoint:EndpointPolicy = <ProfileName>.
Lastly, you could populate an Endpoint Group with all of the MAC addresses manually (or bulk import) if desired.
11-21-2019 01:17 PM
I agree with @jj27
However, please note that if pushing authz policy via profiled endpoint groups you will require Plus licensing. If licensing is a concern I would recommend leveraging a bulk add via REST API. Check this out: https://community.cisco.com/t5/security-documents/ise-ers-api-examples/ta-p/3622623
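For the Endpoint Group / bulk-add option discussed in the replies above, an added example (not from the thread or from Cisco) that normalizes a mixed-format MAC inventory, keeps only addresses under the expected OUI, and builds one ERS endpoint JSON body per device for review before anything is sent to ISE. The group ID and sample MACs are constructed placeholders, and the `ERSEndPoint` field names are an assumption to confirm against the ERS SDK for your ISE version.

```python
import json
import re

GROUP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder: your Endpoint Group's ID
EXPECTED_OUI = "00:12:34"                          # example OUI used in the thread

def normalize_mac(raw):
    """Return the MAC as XX:XX:XX:XX:XX:XX, or None if it is not 12 hex digits."""
    digits = re.sub(r"[-:.\s]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_payloads(raw_macs, oui=EXPECTED_OUI, group_id=GROUP_ID):
    """Split input into ERS bodies for in-OUI MACs and a reject list to review."""
    prefix = normalize_mac(oui.replace(":", "") + "000000")[:8]
    seen, payloads, rejected = set(), [], []
    for raw in raw_macs:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append((raw, "malformed"))
        elif not mac.startswith(prefix):
            rejected.append((raw, "unexpected OUI"))
        elif mac in seen:
            rejected.append((raw, "duplicate"))
        else:
            seen.add(mac)
            # Assumed ERS endpoint body: static assignment pins the MAC to the group.
            payloads.append({"ERSEndPoint": {
                "mac": mac,
                "groupId": group_id,
                "staticGroupAssignment": True,
            }})
    return payloads, rejected

# Constructed sample input in the formats switches and spreadsheets tend to produce.
SAMPLE = ["00-12-34-aa-bb-01", "0012.34aa.bb02", "00:12:34:AA:BB:01",
          "00:12:35:AA:BB:03", "00:12:34:AA:BB"]

if __name__ == "__main__":
    bodies, skipped = build_payloads(SAMPLE)
    for body in bodies:
        print(json.dumps(body))
    for raw, reason in skipped:
        print(f"skipped {raw}: {reason}")
```

The reject list is worth reading before import: an address outside the expected OUI in a vendor inventory is usually a typo or a device that does not belong in that group.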