ISE authorization policy matching

mliddek
Level 1

I have devices that have certs generated and loaded. I want to add to my policy to make sure the endpoint ID matches the MAC address that's embedded in the cert subject name. Also, the format is different, as the ID presented from the controller is in xx:xx:xx:xx:xx:xx format. The subject name ends with xxxxxxxxxxxx. I'm certain this can be done but am not sure of the best way to go about this from an efficiency standpoint.

1 Reply

Arne Bier
VIP

I don't think ISE has the tool set to allow you to perform such comparisons. The best thing would be to get the controller to send you the Calling-Station-Id in the format xxxxxxxxxxxx (no delimiters). Then, in your Policy conditions, you can use the 'Ends With' operator to test whether the Cert Subject Ends With the Calling-Station-Id.
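
The comparison discussed in this thread, as an added example that is not part of the original posts and is not ISE functionality: a Python check that can be run outside ISE over exported authentication records to find endpoints whose certificate subject does not end with the presented MAC. The record field names, the sample values and the case-insensitive comparison are assumptions made for illustration.

```python
import re

# Delimiters commonly seen in Calling-Station-Id MAC formats: ':', '-', '.'
_DELIMS = re.compile(r"[:\-.]")
_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(calling_station_id):
    """Return the MAC as 12 lowercase hex digits, or None if it is not a MAC."""
    bare = _DELIMS.sub("", calling_station_id.strip()).lower()
    return bare if _HEX12.match(bare) else None


def subject_matches_mac(cert_subject, calling_station_id):
    """True when the certificate subject ends with the delimiter-free MAC."""
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return False  # fail closed on anything that is not a well-formed MAC
    # Assumption: compare case-insensitively by lowercasing both sides.
    return cert_subject.strip().lower().endswith(mac)


def audit(records):
    """Return the records whose subject does not end with the presented MAC."""
    return [r for r in records
            if not subject_matches_mac(r["cert_subject"], r["calling_station_id"])]


# Constructed sample records (field names and values are made up for illustration).
SAMPLE = [
    {"calling_station_id": "00:11:22:aa:bb:cc", "cert_subject": "CN=dev-001122aabbcc"},
    {"calling_station_id": "00-11-22-AA-BB-CD", "cert_subject": "CN=dev-001122AABBCD"},
    {"calling_station_id": "0011.22aa.bbce",    "cert_subject": "CN=dev-001122aabbce"},
    {"calling_station_id": "00:11:22:aa:bb:cf", "cert_subject": "CN=dev-001122aabb00"},  # mismatch
    {"calling_station_id": "not-a-mac",         "cert_subject": "CN=dev-001122aabbcc"},  # malformed
]

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print("MISMATCH", r["calling_station_id"], r["cert_subject"])
```

Malformed Calling-Station-Id values are reported as mismatches rather than skipped, so a record that cannot be compared is never treated as a pass.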