
ISE domain PC question

Eric Lindsey
Level 1

I am trying to figure out how to grant access to users based on user authentication and computer accounts. I am trying to set up our ISE so that if a user on our domain connects to the wifi, it will check to see if the PC they connected from is a member of our domain. If the computer is a member of the domain, they will get full access to our network. If they are not a member of our domain, they will get put into a different VLAN that only has Internet access. Ultimately I would like to have a group in Active Directory for computer accounts that are allowed on the wifi. Is a setup like this possible? I have tried a few things and I cannot get the computer account part to work.


1 Accepted Solution


vikasyad
Level 1

Hi Eric,

We can create different rules in the authorization policies as per your scenarios. For your query we can set up the following rules:

Step 1: Prior to the user entering their credentials, the machine will get authorized access when the machine boots up.

iselabin.local:ExternalGroups==Domain Computers

Step 2: The user will enter credentials and he will get authorized access because of the 2nd rule.

Network Access:WasMachineAuthenticated==True
AND
iselabin.local:ExternalGroups==Domain Users

Also, you need to go through the MAR, as you are using Machine+User authentication. Below is the link for the same, in which you can find the MAR section:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp354105.

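The two rules from the accepted answer, modelled as an added example (not code from the thread or from Cisco): first-match evaluation with a MAR cache keyed by the endpoint's Calling-Station-ID. The result labels, the 6-hour aging value and the MAC addresses are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field

MAR_AGING_SECONDS = 6 * 3600  # assumed aging time; use your deployment's value


@dataclass
class MarCache:
    """Remembers which endpoints passed machine authentication, and when."""
    aging: int = MAR_AGING_SECONDS
    seen: dict = field(default_factory=dict)  # MAC -> time of machine auth

    def record(self, mac, now):
        self.seen[mac.lower()] = now

    def was_machine_authenticated(self, mac, now):
        t = self.seen.get(mac.lower())
        return t is not None and now - t <= self.aging


def authorize(mar, mac, groups, is_machine, now):
    """Return the result for one 802.1X session; the first matching rule wins."""
    if is_machine:
        # A successful machine authentication is remembered by MAC address.
        mar.record(mac, now)
        # Rule 1: computer account is in "Domain Computers" (boot, no user yet).
        if "Domain Computers" in groups:
            return "FULL_ACCESS"  # hypothetical result label
    # Rule 2: domain user on an endpoint that earlier passed machine auth.
    elif "Domain Users" in groups and mar.was_machine_authenticated(mac, now):
        return "FULL_ACCESS"
    # Default rule: the Internet-only VLAN asked for in the question.
    return "INTERNET_ONLY"  # hypothetical result label


def demo():
    mar = MarCache()
    corp, byod = "00:11:22:33:44:55", "66:77:88:99:AA:BB"  # constructed MACs
    return [
        authorize(mar, corp, {"Domain Computers"}, True, now=0),    # PC boots
        authorize(mar, corp, {"Domain Users"}, False, now=60),      # user logs in
        authorize(mar, byod, {"Domain Users"}, False, now=60),      # non-domain PC
        authorize(mar, corp, {"Domain Users"}, False, now=MAR_AGING_SECONDS + 1),
    ]


if __name__ == "__main__":
    print(demo())
```

The fourth case is the one to plan for: once the MAR entry ages out, a valid domain user on a domain PC falls through to the Internet-only rule until the machine authenticates again.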

2 Replies

Hi Eric,

Look in this thread:

https://supportforums.cisco.com/thread/2166573

I think they are talking about the same thing.

Regards,

Philip
