
ISE MAB authentication with Security Violation

safwat.ghazy
Level 1

I have configured ISE MAB authentication for the customer, and he requested that if an unauthorized device (whose MAC address is not listed in the MAB list) tries to access the network, ISE will configure the interface in error-disable or shutdown mode, so that even if an authorized device connects back to the port, it won't be allowed on until an administrator comes in and re-enables the port that has been shut down.

Please advise if the above is possible.

1 Reply

paul
Level 10

The best way would be to use an Auto Smartport macro on the switch that shuts down the port and has no "DOWN" trigger set up:

!
! Turn off auto device control, forgetting this could shoot yourself in the foot
!
no macro auto global control device
!
! Turn off the default trigger, forgetting this could shoot yourself in the foot
!
no macro auto global control trigger
macro auto global processing
!
shell trigger ISE-PORT-SHUTDOWN ISE Invoked Macro
macro auto execute ISE-PORT-SHUTDOWN {
 if [[ $LINKUP == YES ]]; then
  conf t
  interface $INTERFACE
  shutdown
  exit
 fi
}

Then in ISE you would assign the ISE-PORT-SHUTDOWN auto smartport result in the authorization profile.
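
A pre-deployment check for the snippet in the reply above, as an added example that is not part of the original post or of any Cisco tooling: it lints the text before it is pasted to a switch, confirming that both "shoot yourself in the foot" commands are present, that the trigger and macro names match, and that the macro has no branch that brings the port back up. The function name `lint_smartport_snippet`, and the assumption that a link-down branch would be written as a `$LINKUP == NO` test, are hypothetical.

```python
import re

REQUIRED = ("no macro auto global control device",
            "no macro auto global control trigger",
            "macro auto global processing")

def lint_smartport_snippet(text):
    """Return findings for an Auto Smartport port-shutdown snippet (empty list = OK)."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]  # drop blanks, IOS comments
    findings = [f"missing global command: {c}" for c in REQUIRED if c not in lines]
    triggers = {l.split()[2] for l in lines if re.match(r"shell trigger \S+", l)}
    macros, name = {}, None
    for l in lines:  # collect the body of each "macro auto execute NAME { ... }" block
        m = re.match(r"macro auto execute (\S+)\s*\{", l)
        if m:
            name = m.group(1)
            macros[name] = []
        elif l == "}":
            name = None
        elif name:
            macros[name].append(l)
    for n in sorted(triggers ^ set(macros)):  # defined as trigger or macro, not both
        findings.append(f"{n} lacks a matching shell trigger / macro pair")
    for n, body in macros.items():
        if "shutdown" not in body:
            findings.append(f"macro {n} never shuts the port")
        if "no shutdown" in body:  # would undo the lock-out
            findings.append(f"macro {n} re-enables the port")
        if any(re.search(r"\$LINKUP\s*(==|-eq)\s*NO", l) for l in body):
            findings.append(f"macro {n} has a link-down branch")
    return findings

GOOD = """no macro auto global control device
no macro auto global control trigger
macro auto global processing
shell trigger ISE-PORT-SHUTDOWN ISE Invoked Macro
macro auto execute ISE-PORT-SHUTDOWN {
if [[ $LINKUP == YES ]]; then
conf t
interface $INTERFACE
shutdown
exit
fi
}
"""  # the snippet from the reply above, comment lines removed
# Constructed bad variant: default trigger left on, plus a link-down branch.
BAD = GOOD.replace("no macro auto global control trigger\n", "").replace(
    "fi\n", "fi\nif [[ $LINKUP == NO ]]; then\nconf t\ninterface $INTERFACE\nno shutdown\nexit\nfi\n")
if __name__ == "__main__":
    print(lint_smartport_snippet(GOOD) or "OK", lint_smartport_snippet(BAD), sep="\n")
```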