07-28-2013 09:38 PM - edited 03-10-2019 08:41 PM
Dear All,
I have problem with my Cisco ISE,
This is the design :
ISE ---- Core Switch ---- 3Com Switch --- PC User
My Case:
Authorization is based on Mac-address and Active Directory,
But user with PC that connect to 3Com swtich is Deny by ISE because the Format Mac-address is different with Cisco,
Mac-address Cisco format : XX:XX:XX:XX:XX:XX
Mac-address 3Com format : XXXX-XXXX-XXXX
3Com Switch type is TRICOM 4210 26-PORT.
Anyone have experience with this? and how change the mac-address format in 3Com so user can authorized by Cisco ISE.
note:
authorization based on Active Directory is not problem with 3Com Switch.
Based on my experience, Different product is different format mac-address, so this case not only for 3Com Switch.
Thanks,
Arika Wahyono
Solved! Go to Solution.
07-28-2013 09:54 PM
Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.
07-28-2013 09:54 PM
Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.
07-29-2013 12:15 AM
Hi,
Please check the ise 1.2 release notes for support for mab with non cisco switches. Seems as if some functionality has been added.
http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp354890
Sent from Cisco Technical Support Android App
07-29-2013 12:53 AM
Dear Tarik,
Are you sure with ise 1.2 my case will solved?
my current ISE is 1.1.2.145.
Thanks,
Arik
07-29-2013 02:11 AM
Not sure because it is not listed in compatibility matrix list.
07-29-2013 02:17 AM
Ravi,
Can you show me the compability matrix list?
Thanks,
07-29-2013 02:19 AM
Please find the attached Compatibility list
07-29-2013 07:36 AM
I do not think Cisco will add these vendors to the supported switch matrix because then it would be a support issue that cisco would have to deal with, much like most of the AD issues I experienced when I worked in TAC. Your best bet would be to run the evaluation license instance in a lab and have a 3com switch point against that.
Other than that I do not recommend upgrading to 1.2 without validating that the new "multi-vendor" MAB support will work on your switch.
PS- Keep in mind that my comments is just my opinion so you may need to open a TAC case for an official answer.
Tarik Admani
*Please rate helpful posts*
09-19-2013 09:12 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: