Solved: Re: ISE - MAC address to user posture

manvik · ‎03-12-2022

Can ISE posture permit a user login from specified MAC address only. There are 2000+ users. Each user will be logging on from their system only. ie an user should be permitted from the corresponding MAC address only

Marcelo Morais · ‎03-12-2022

Hi @manvik ,

try the following:

1st at Administration > Identity Management > External Identity Sources > Active Directory > select your AD > Attributes > Add (for ex.: Description).

2nd insert the MAC Addr of each User into the Description attribute on your Active Directory

3rd at Policy Set > select the Policy > Authorization > create the following Condition (for ex.:)

RADIUS: Calling Station ID EQUALS <AD>:Description

Hope this helps !!!

View solution in original post

Marcelo Morais · ‎03-12-2022

Hi @manvik ,

try the following:

1st at Administration > Identity Management > External Identity Sources > Active Directory > select your AD > Attributes > Add (for ex.: Description).

2nd insert the MAC Addr of each User into the Description attribute on your Active Directory

3rd at Policy Set > select the Policy > Authorization > create the following Condition (for ex.:)

RADIUS: Calling Station ID EQUALS <AD>:Description

Hope this helps !!!

manvik · ‎03-14-2022

Thank you @Marcelo Morais

That sounds like a solution. Our scenario is liek, an user has 3 to 4 devices. They can login from any of those devices. I assume, in this case we can give MAC address in diff AD parameters and refer all those in Auth policy.

Marcelo Morais · ‎03-15-2022

Hi @manvik ,

yes, that's correct, you can choose the AD parameters that best suit you.

Regards.