cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1498
Views
10
Helpful
3
Replies

ISE - MAC address to user posture

manvik
Level 3
Level 3

Can ISE posture permit a user login from specified MAC address only. There are 2000+ users. Each user will be logging on from their system only. ie an user should be permitted from the corresponding MAC address only

1 Accepted Solution

Accepted Solutions

Hi @manvik ,

 try the following:

1st at Administration > Identity Management > External Identity Sources > Active Directory > select your AD > Attributes > Add (for ex.: Description).

2nd insert the MAC Addr of each User into the Description attribute on your Active Directory

3rd at Policy Set > select the Policy > Authorization > create the following Condition (for ex.:)

RADIUS: Calling Station ID EQUALS <AD>:Description

 

Hope this helps !!!

View solution in original post

3 Replies 3

Hi @manvik ,

 try the following:

1st at Administration > Identity Management > External Identity Sources > Active Directory > select your AD > Attributes > Add (for ex.: Description).

2nd insert the MAC Addr of each User into the Description attribute on your Active Directory

3rd at Policy Set > select the Policy > Authorization > create the following Condition (for ex.:)

RADIUS: Calling Station ID EQUALS <AD>:Description

 

Hope this helps !!!

Thank you @Marcelo Morais 

That sounds like a solution. Our scenario is liek, an user has 3 to 4 devices. They can login from any of those devices. I assume, in this case we can give MAC address in diff AD parameters and refer all those in Auth policy.

Hi @manvik ,

 yes, that's correct, you can choose the AD parameters that best suit you.

 

Regards.