cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2943
Views
0
Helpful
8
Replies

Mac-Address Different format for Authorization on Cisco ISE

arikawahyono
Level 1
Level 1

Dear All,

I have problem with my Cisco ISE,

This is the design :

ISE ---- Core Switch ---- 3Com Switch --- PC User

My Case:

Authorization is based on Mac-address and Active Directory,

But user with PC that connect to 3Com swtich is Deny by ISE because the Format Mac-address is different with Cisco,

Mac-address Cisco format :  XX:XX:XX:XX:XX:XX

Mac-address 3Com format :  XXXX-XXXX-XXXX

3Com Switch type is TRICOM 4210 26-PORT.

Anyone have experience with this? and how change the mac-address format in 3Com so user can authorized by Cisco ISE.

note:

authorization based on Active Directory is not problem with 3Com Switch.

Based on my experience, Different product is different format mac-address, so this case not only for 3Com Switch.

Thanks,

Arika Wahyono

1 Accepted Solution

Accepted Solutions

Eduardo Aliaga
Level 4
Level 4

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

View solution in original post

8 Replies 8

Eduardo Aliaga
Level 4
Level 4

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

Please check the ise 1.2 release notes for support for mab with non cisco switches. Seems as if some functionality has been added.

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp354890


Sent from Cisco Technical Support Android App

Dear Tarik,

Are you sure with ise 1.2 my case will solved?

my current ISE is 1.1.2.145.

Thanks,

Arik

Not sure because it is not listed in compatibility matrix list.

Ravi,

Can you show me the compability matrix list?

Thanks,

Please find the attached Compatibility list

I do not think Cisco will add these vendors to the supported switch matrix because then it would be a support issue that cisco would have to deal with, much like most of the AD issues I experienced when I worked in TAC. Your best bet would be to run the evaluation license instance in a lab and have a 3com switch point against that.

Other than that I do not recommend upgrading to 1.2 without validating that the new "multi-vendor" MAB support will work on your switch.

PS- Keep in mind that my comments is just my opinion so you may need to open a TAC case for an official answer.

Tarik Admani
*Please rate helpful posts*

Please find the attached Compatibility list

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: