Cisco Community
English
Register
New community login process starting July 13 - LEARN MORE HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2296
Views
0
Helpful
8
Replies
arikawahyono
Beginner
Beginner
‎07-28-2013 09:38 PM
‎07-28-2013 09:38 PM

Mac-Address Different format for Authorization on Cisco ISE

Dear All,

I have problem with my Cisco ISE,

This is the design :

ISE ---- Core Switch ---- 3Com Switch --- PC User

My Case:

Authorization is based on Mac-address and Active Directory,

But user with PC that connect to 3Com swtich is Deny by ISE because the Format Mac-address is different with Cisco,

Mac-address Cisco format :  XX:XX:XX:XX:XX:XX

Mac-address 3Com format :  XXXX-XXXX-XXXX

3Com Switch type is TRICOM 4210 26-PORT.

Anyone have experience with this? and how change the mac-address format in 3Com so user can authorized by Cisco ISE.

note:

authorization based on Active Directory is not problem with 3Com Switch.

Based on my experience, Different product is different format mac-address, so this case not only for 3Com Switch.

Thanks,

Arika Wahyono

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Eduardo Aliaga
Enthusiast
Enthusiast
‎07-28-2013 09:54 PM
‎07-28-2013 09:54 PM

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

View solution in original post

0 Helpful
8 REPLIES 8
Eduardo Aliaga
Enthusiast
Enthusiast
‎07-28-2013 09:54 PM
‎07-28-2013 09:54 PM

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

View solution in original post

0 Helpful
Tarik Admani
Advocate
Advocate
‎07-29-2013 12:15 AM
‎07-29-2013 12:15 AM

Hi,

Please check the ise 1.2 release notes for support for mab with non cisco switches. Seems as if some functionality has been added.

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp354890


Sent from Cisco Technical Support Android App

0 Helpful
arikawahyono
Beginner
Beginner
In response to Tarik Admani
‎07-29-2013 12:53 AM
‎07-29-2013 12:53 AM

Dear Tarik,

Are you sure with ise 1.2 my case will solved?

my current ISE is 1.1.2.145.

Thanks,

Arik

0 Helpful
Ravi Singh
Rising star
Rising star
In response to arikawahyono
‎07-29-2013 02:11 AM
‎07-29-2013 02:11 AM

Not sure because it is not listed in compatibility matrix list.

0 Helpful
arikawahyono
Beginner
Beginner
In response to Ravi Singh
‎07-29-2013 02:17 AM
‎07-29-2013 02:17 AM

Ravi,

Can you show me the compability matrix list?

Thanks,

0 Helpful
Ravi Singh
Rising star
Rising star
In response to arikawahyono
‎07-29-2013 02:19 AM
‎07-29-2013 02:19 AM

Please find the attached Compatibility list

0 Helpful
Tarik Admani
Advocate
Advocate
In response to Ravi Singh
‎07-29-2013 07:36 AM
‎07-29-2013 07:36 AM

I do not think Cisco will add these vendors to the supported switch matrix because then it would be a support issue that cisco would have to deal with, much like most of the AD issues I experienced when I worked in TAC. Your best bet would be to run the evaluation license instance in a lab and have a 3com switch point against that.

Other than that I do not recommend upgrading to 1.2 without validating that the new "multi-vendor" MAB support will work on your switch.

PS- Keep in mind that my comments is just my opinion so you may need to open a TAC case for an official answer.

Tarik Admani
*Please rate helpful posts*

0 Helpful
Ravi Singh
Rising star
Rising star
In response to arikawahyono
‎09-19-2013 09:12 PM
‎09-19-2013 09:12 PM

Please find the attached Compatibility list

Preview file
383 KB
0 Helpful
Latest Contents
#CiscoChat Live - Cisco Secure Email + SecureX: Extending em...
Created by greghami on 07-22-2021 09:45 AM
3
0
3
0
Join us for a detailed discussion of the integrations between Cisco Secure Email and SecureX. We’ll share the various ways that SecureX provides greater visibility across the Cisco Security landscape and demonstrate how Secure Email is the ... view more
Mobile number field placeholder customization
Created by sivsivar on 07-19-2021 06:57 AM
0
0
0
0
    ISE 2.7 FCS   To display default country code and Place holder customization please follow the below steps.   Upload the attached js file in Custom Portal Files. Go to portal and add the below script in the Registration Form pag... view more
Orbital Query Corner - Two Views of PrintNightmare
Created by brmcmaho on 07-16-2021 02:43 PM
0
10
0
10
Part 1: The Basics Hard-copy printing may feel very “old school” now, but a recent flurry of activity related to the print spooler service on Windows operating systems has brought one of the oldest IT applications back into the spotlight again.  Our... view more
Python on Secure Email Vulnerability Concerns [July 2021]
Created by Robert Sherwin on 07-14-2021 06:12 AM
0
0
0
0
Python on Cisco Secure Email The Python package used in our appliances is not a standard deployment --- just like AsyncOS is not your typical FreeBSD (a free and open-source Unix-like operating system descended from the Berkeley Software Distributio... view more
Cisco ISE, WLC and Umbrella Tripartite Pact
Created by meddane on 07-12-2021 06:56 AM
0
0
0
0
 Wireless Controller WLC integration with Cisco ISE for access control through 802.1X is one of the most popular deployment in the network security field. Now is the employee PC safe after the authentication and authorization?even after the posture o... view more
Content for Community-Ad