cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

730
Views
10
Helpful
3
Replies
manvik
Beginner

ISE - MAC address to user posture

Can ISE posture permit a user login from specified MAC address only. There are 2000+ users. Each user will be logging on from their system only. ie an user should be permitted from the corresponding MAC address only

1 ACCEPTED SOLUTION

Accepted Solutions
Marcelo Morais
VIP Advisor

Hi @manvik ,

 try the following:

1st at Administration > Identity Management > External Identity Sources > Active Directory > select your AD > Attributes > Add (for ex.: Description).

2nd insert the MAC Addr of each User into the Description attribute on your Active Directory

3rd at Policy Set > select the Policy > Authorization > create the following Condition (for ex.:)

RADIUS: Calling Station ID EQUALS <AD>:Description

 

Hope this helps !!!

View solution in original post

3 REPLIES 3
Marcelo Morais
VIP Advisor

Hi @manvik ,

 try the following:

1st at Administration > Identity Management > External Identity Sources > Active Directory > select your AD > Attributes > Add (for ex.: Description).

2nd insert the MAC Addr of each User into the Description attribute on your Active Directory

3rd at Policy Set > select the Policy > Authorization > create the following Condition (for ex.:)

RADIUS: Calling Station ID EQUALS <AD>:Description

 

Hope this helps !!!

Thank you @Marcelo Morais 

That sounds like a solution. Our scenario is liek, an user has 3 to 4 devices. They can login from any of those devices. I assume, in this case we can give MAC address in diff AD parameters and refer all those in Auth policy.

Hi @manvik ,

 yes, that's correct, you can choose the AD parameters that best suit you.

 

Regards.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube