Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1383
Views
0
Helpful
4
Replies

MAC book authentication with Cisco 3.0 with JAMF

network_geek1979
Level 1
Level 1

‎02-01-2022 01:31 AM

Team,

We have been trying to work on authentication/authorization for our MAC books with the Cisco ISE 3.0.
The MAC books are registered(or call it enrolled) with JAMF.

How best can we ensure that JAMF can be used as a MDM to authorize the MAC books?

 

We went through various combinations like registered status, MDM servers reachable etc. but no success.

It can be that the parameters that are being passed by the MAC book are not complaint with anything the JAMF is sending or the JAMF is knowing.

 

Any kind of help or suggestion here would be of extreme help.

 

Our end goal here is to make the MAC book authentication as seamlessly as possible to the network.

 

 

Regards,

N!

0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎02-01-2022 01:59 AM

 

 - You may find this document useful : https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/discussions-network-access-control/455447/2/JAMF%20Integration%20with%20ISE%20as%20MDM.pdf

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

network_geek1979
Level 1
Level 1
In response to marce1000

‎02-01-2022 02:40 AM

Hi Marce,

We have tried all these steps. The challenge is that we cannot get any of the Attributes working.

We are not sure if this is even begin received from the JAMF.

 

Regards,

N!

0 Helpful

marce1000
VIP
VIP
In response to network_geek1979

‎02-01-2022 02:54 AM

- Does the Jamf have some logging facilities and or log files that you can
examine ?


-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee

‎02-01-2022 01:50 PM

A couple things here...

The MDM API used prior to ISE version 3.1 (APIv2) uses the MAC address of the endpoint as the only identifier to check against the MDM server. You should confirm that the MAC address that ISE sees from the endpoint is what is captured by JAMF as part of enrolment. If the MacBooks are using a dongle for Wired connections and/or the Wifi connection is using a randomised MAC address, it will break the MDM checks. There is an enhancement in ISE 3.1 to mitigate both of these issues, but it also requires the MDM vendor to support the new MDM APIv3 (which I don't know if JAMF has implemented yet).

If you're using the non-randomised Wireless connection and have confirmed that JAMF has registered the same MAC address that ISE sees from the authentication, you will probably need to setup the debug logs as per this document and review the ise-psc.log to see what response ISE is getting from the MDM server.

If this is an urgent issue, please open a TAC case to investigate further.

0 Helpful
Customers Also Viewed These Support Documents