01-17-2019 09:45 AM
We are having issues with JAMF where it doesn't collect the MAC addresses of Ethernet adapters during inventory update, so when ISE doing MAB and inquiring JAMF for the device via the USB adapter Mac-address JAMF doesn't have record of it, then ISE getting reply that machine with that mac-address is NOT registered and ISE treat it as guest machine, what is the fix for this issue? maybe hardcode the USB NIC mac-address as secondary MAC in JAMF?
Thanks
Mustafa
01-17-2019 10:30 AM
The challenge is MAC OS generates a unique MAC address for those USB ethernet adapters and can be dynamic so even if you hardcode it, my understanding is that is could still change when the driver is loaded. This is an issue with how MAC OS handles the Ethernet adapter.
Regards,
-Tim
01-17-2019 11:33 AM
This is a common problem with any MDM. I have seen more mobile phones that don't register their wireless MAC with the MDM as well. This breaks the whole MDM check in ISE because all ISE has to go on is the MAC address being presented during authentication.
What type of authentication are you doing? If your Macs are domain joined you can have JAMF configure them for PEAP computer authentication or if JAMF is pushing certificates to them you can do EAP-TLS. There is typically no need to do MDM checks if you are just trying to see if the device is a corporate asset.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide