Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1315
Views
10
Helpful
3
Replies

ISE - MAC address to user posture

Go to solution
manvik
Level 3
Level 3

‎03-12-2022 04:18 AM

Can ISE posture permit a user login from specified MAC address only. There are 2000+ users. Each user will be logging on from their system only. ie an user should be permitted from the corresponding MAC address only

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP

‎03-12-2022 06:03 PM

Hi @manvik ,

 try the following:

1st at Administration > Identity Management > External Identity Sources > Active Directory > select your AD > Attributes > Add (for ex.: Description).

2nd insert the MAC Addr of each User into the Description attribute on your Active Directory

3rd at Policy Set > select the Policy > Authorization > create the following Condition (for ex.:)

RADIUS: Calling Station ID EQUALS <AD>:Description

 

Hope this helps !!!

View solution in original post

3 Replies 3

Go to solution
Marcelo Morais
VIP
VIP

‎03-12-2022 06:03 PM

Hi @manvik ,

 try the following:

1st at Administration > Identity Management > External Identity Sources > Active Directory > select your AD > Attributes > Add (for ex.: Description).

2nd insert the MAC Addr of each User into the Description attribute on your Active Directory

3rd at Policy Set > select the Policy > Authorization > create the following Condition (for ex.:)

RADIUS: Calling Station ID EQUALS <AD>:Description

 

Hope this helps !!!

Go to solution
manvik
Level 3
Level 3
In response to Marcelo Morais

‎03-14-2022 09:39 PM

Thank you @Marcelo Morais 

That sounds like a solution. Our scenario is liek, an user has 3 to 4 devices. They can login from any of those devices. I assume, in this case we can give MAC address in diff AD parameters and refer all those in Auth policy.

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to manvik

‎03-15-2022 06:28 AM

Hi @manvik ,

 yes, that's correct, you can choose the AD parameters that best suit you.

 

Regards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents