We are setting up ISE. I need to setup a rule that uses 802.1x authentication to authenticate a user plus the MAC address of the machine must be in an endpoint group and it has to be on a particular ssid. If the user is connecting to the wrong ssid or the Mac is in the wrong endpoint group it should fail to connect. Is that possible with ISE 2.0?
Yes, use endpoint identity group with the MAC address combined with a condition checking AD group membership and that the Airespace-WLAN-ID=xx or Radius Called Station ID ends with the SSID name in the authorization policy.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
