cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1048
Views
1
Helpful
1
Replies
jpujol
Cisco Employee

Rewrite calling-station-id for authorization policy

Hi,

I have a customer who wants to verify the MAC address written in a machine certificate (CN attribute), but the certificate wasn't deployed through ISE, and the MAC address in the certificate doesn't have the format expected by ISE (from the calling-station-id).

Is there a way to rewrite the calling-station-id or the cert attribute in any way ? I don't see any alternative in the documentation but applying a strict = comparison.

Thanks,

jean-francois

1 ACCEPTED SOLUTION

Accepted Solutions
hslai
Cisco Employee

When Radius:Calling-Station-ID in the left hand side of the condition, there will be an option to treat the field as MAC address so that the comparison is normalized. This is supported since ISE 1.2 by CSCtz41262

View solution in original post

1 REPLY 1
hslai
Cisco Employee

When Radius:Calling-Station-ID in the left hand side of the condition, there will be an option to treat the field as MAC address so that the comparison is normalized. This is supported since ISE 1.2 by CSCtz41262

View solution in original post

Content for Community-Ad