cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

981
Views
0
Helpful
1
Replies
Highlighted
Beginner

ISE - Profiling - MAC Address Spoofing

Hi Experts,


My Customer has Profiling enabled on the Prod ISE deployment and are correctly profiling Aruba AP's using MAB not Dot1x as the auth method.

Customer is concerned that if the MAC address of the AP's spoofed would it be used on any device linux/windows etc to gain access to the network.

The probes that they have currently setup are DHCP,Radius.

Is there a way to avoid MAC Address Spoofing in the above scenario?

Thanks

Nadeem

1 REPLY 1
Highlighted
Cisco Employee

Nadeem, I suggest limiting access using VLAN or ACL for AP access. The ACL can be crafted to allow for APs to join the controller, which at minimum would include DHCP, DNS, and GRE to the controller.

Hosuk

Content for Community-Ad