Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
745
Views
0
Helpful
1
Replies

ISE- Low Impact Mode with Non-Domain Devices

Go to solution
hadeermohamedfcis1042391
Level 1
Level 1

‎04-28-2020 03:50 AM

I tried to apply low impact mode on wired non-domain devices but connected to my network how to authenticate them?

And if I apply the ACL on the switch on these devices is it enough or not?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎04-28-2020 05:36 PM

This question is quite broad and general, but if the endpoint does not support 802.1x you would typically have a MAB 'fall-through' authentication policy (Internal Endpoints with the 'If user not found = CONTINUE' option).

You would then have an authorisation policy that uses either Profiling conditions or statically assign the MAC addresses to an Endpoint Identity Group and use that as a matching condition.

See the Secure Wired Access Prescriptive Deployment Guide for more information.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎04-28-2020 05:36 PM

This question is quite broad and general, but if the endpoint does not support 802.1x you would typically have a MAB 'fall-through' authentication policy (Internal Endpoints with the 'If user not found = CONTINUE' option).

You would then have an authorisation policy that uses either Profiling conditions or statically assign the MAC addresses to an Endpoint Identity Group and use that as a matching condition.

See the Secure Wired Access Prescriptive Deployment Guide for more information.

0 Helpful
Customers Also Viewed These Support Documents