Solved: ISE to cross-check MAC address from SCCM to allow (temp) network access

baysat · ‎05-23-2019

Task is:

New native client data is entered into SCCM and client needs access to the network in order to download patches etc. until the 802.X1 certificate is installed, which is the prime network access condition.

ISE will detect an unknown MAC address without a certificate and should then connect to SCCM and cross-check the existence of the MAC address in order to allow access without a certificate. (may be even just for a limited period)

I presume it can be done with a script using the API?
Can not find any documentation how this could be done.

Hints are welcome

Nidhi · ‎05-23-2019

Do you mean authenticating the endpoint from SCCM database? if yes, this is not supported

Thanks,

Nidhi

View solution in original post

Nidhi · ‎05-23-2019

Do you mean authenticating the endpoint from SCCM database? if yes, this is not supported

Thanks,

Nidhi

baysat · ‎05-27-2019

Yes, the idea was to cross-check the existence of the MAC in SCCM or even import client data e.g. MAC Address from SCCM.

I was hoping this would have been possible by now, since other data can be retrieved from SCCM

baysat · ‎05-28-2019

Can you confirm that ISE can not at least import MAC adresses from SCCM ?

I thought this was implemented

Nidhi · ‎05-23-2019

Do you mean authenticating the endpoint from SCCM database? if yes, this is not supported

Thanks,

Nidhi