Solved: Mac-Address Different format for Authorization on Cisco ISE

arikawahyono · ‎07-28-2013

Dear All,

I have problem with my Cisco ISE,

This is the design :

ISE ---- Core Switch ---- 3Com Switch --- PC User

My Case:

Authorization is based on Mac-address and Active Directory,

But user with PC that connect to 3Com swtich is Deny by ISE because the Format Mac-address is different with Cisco,

Mac-address Cisco format : XX:XX:XX:XX:XX:XX

Mac-address 3Com format : XXXX-XXXX-XXXX

3Com Switch type is TRICOM 4210 26-PORT.

Anyone have experience with this? and how change the mac-address format in 3Com so user can authorized by Cisco ISE.

note:

authorization based on Active Directory is not problem with 3Com Switch.

Based on my experience, Different product is different format mac-address, so this case not only for 3Com Switch.

Thanks,

Arika Wahyono

Eduardo Aliaga · ‎07-28-2013

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

View solution in original post

Eduardo Aliaga · ‎07-28-2013

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

Tarik Admani · ‎07-29-2013

Hi,

Please check the ise 1.2 release notes for support for mab with non cisco switches. Seems as if some functionality has been added.

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp354890

Sent from Cisco Technical Support Android App