cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1147
Views
0
Helpful
2
Replies

ISE: learn MAC address automatically

naoki_Japan
Beginner
Beginner

I am confused since ISE automatically learn MAC address even if I disable the profiling service( disable any probe).....

 

As test I am using the policy set like below.

Rule name                             condition                          allowedprotocol                use/profile

MAB_Pol_set                       wired_MAB                        HOST_LOOKUP

 

MAB_AuthC                         wired_MAB                                                                internal endpoint

 

MAB_AuthZ                         wired_MAB

                                            NetworkAccessAuthenticatiionStatus=passed             PermintAccess

 

 

when a PC the MAC address of which is not registered manually is connected, the authorization is failed.

however, at the same time, ISE automatically learn the MAC address.

And when the PC get connected (this is second time), the authentication and authorization are succeed, and the PC get the network access.

 

 

 

how could I fix this?

I thought that I could disable automatic MAC address learning by disabling profiling service but it does not work.

 

 

1 Accepted Solution

Accepted Solutions

Marcelo Morais
VIP Advisor VIP Advisor
VIP Advisor

Hi @naoki_Japan ,

 as an example ... you are able to:

1st create an Endpoint Identity Groups (at Administration > Identity Management > Groups) and manually add the MACs.

2nd create an Authorization Policy (Policy > Policy Sets) with the following condition:

WIRED_MAB
and
IdentityGroup.Name
Equals <your Endpoint Identity Groups>

 

Hope this helps !!!

View solution in original post

2 Replies 2

Marcelo Morais
VIP Advisor VIP Advisor
VIP Advisor

Hi @naoki_Japan ,

 as an example ... you are able to:

1st create an Endpoint Identity Groups (at Administration > Identity Management > Groups) and manually add the MACs.

2nd create an Authorization Policy (Policy > Policy Sets) with the following condition:

WIRED_MAB
and
IdentityGroup.Name
Equals <your Endpoint Identity Groups>

 

Hope this helps !!!

thank you.

I will narrow down the requirement of authorization by adding Endpoint Identity Group as you said.

THX

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers