Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2596
Views
5
Helpful
2
Replies

MAC address deleted from Internal endpoint groups but still authenticating

Go to solution
marco.p.agustin.mil
Level 1
Level 1

‎04-13-2021 12:26 PM

I have a Cisco ISE 2.6 running MAB authentication only. The list of authorized MACs has been uploaded to ISE. However, after deleting one MAC address, the endpoint still authenticates and successfully connects to the network. I checked logs and its saying that the endpoint MAC is found on the internal endpoints idstore. I am not sure why it would still authenticate even after the MAC has been removed from the authorized list.

 

Thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎04-13-2021 12:56 PM

Does the MAC address appear back in the Context Visibility > Endpoint GUI view? ISE will add an endpoint by default if you are providing an access accept result back to the network device. 

When you look at the live log, which authentication and authorization rule is it hitting, check the result of that authorization rule. 

View solution in original post

2 Replies 2

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎04-13-2021 12:56 PM

Does the MAC address appear back in the Context Visibility > Endpoint GUI view? ISE will add an endpoint by default if you are providing an access accept result back to the network device. 

When you look at the live log, which authentication and authorization rule is it hitting, check the result of that authorization rule. 

Go to solution
marco.p.agustin.mil
Level 1
Level 1
In response to Damien Miller

‎04-15-2021 09:54 AM

Yes that is exactly what happened. Thank you for pointing me to the right direction.

0 Helpful
Customers Also Viewed These Support Documents