cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2147
Views
0
Helpful
8
Replies
Highlighted
Beginner

Mac-Address Different format for Authorization on Cisco ISE

Dear All,

I have problem with my Cisco ISE,

This is the design :

ISE ---- Core Switch ---- 3Com Switch --- PC User

My Case:

Authorization is based on Mac-address and Active Directory,

But user with PC that connect to 3Com swtich is Deny by ISE because the Format Mac-address is different with Cisco,

Mac-address Cisco format :  XX:XX:XX:XX:XX:XX

Mac-address 3Com format :  XXXX-XXXX-XXXX

3Com Switch type is TRICOM 4210 26-PORT.

Anyone have experience with this? and how change the mac-address format in 3Com so user can authorized by Cisco ISE.

note:

authorization based on Active Directory is not problem with 3Com Switch.

Based on my experience, Different product is different format mac-address, so this case not only for 3Com Switch.

Thanks,

Arika Wahyono

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Enthusiast

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

View solution in original post

8 REPLIES 8
Highlighted
Enthusiast

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

View solution in original post

Highlighted
Advocate

Hi,

Please check the ise 1.2 release notes for support for mab with non cisco switches. Seems as if some functionality has been added.

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp354890


Sent from Cisco Technical Support Android App

Highlighted

Dear Tarik,

Are you sure with ise 1.2 my case will solved?

my current ISE is 1.1.2.145.

Thanks,

Arik

Highlighted

Not sure because it is not listed in compatibility matrix list.

Highlighted

Ravi,

Can you show me the compability matrix list?

Thanks,

Highlighted

Please find the attached Compatibility list

Highlighted

I do not think Cisco will add these vendors to the supported switch matrix because then it would be a support issue that cisco would have to deal with, much like most of the AD issues I experienced when I worked in TAC. Your best bet would be to run the evaluation license instance in a lab and have a 3com switch point against that.

Other than that I do not recommend upgrading to 1.2 without validating that the new "multi-vendor" MAB support will work on your switch.

PS- Keep in mind that my comments is just my opinion so you may need to open a TAC case for an official answer.

Tarik Admani
*Please rate helpful posts*

Highlighted

Please find the attached Compatibility list