cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

298
Views
0
Helpful
2
Replies
Highlighted
Beginner

Specific users on ISE

Dears,

I have a wireless ssid for managers on this ssid only manager should connect and it is working through pre-shared key authentication. At present the password is known to most of the non manager users what I want is that only managers laptop MAC address should only be allowed on this SSID rest others should not connect.

How I can achieve the above ??

thanks

2 REPLIES 2
Highlighted
Advocate

if you have a list of all the mac addresses for the manager devices, then you can do the following -

enable mac filtering on the ssid

import the mac addresses into ISE, reference the endpoint identity group in an authorization policy, you can even add the SSID name via the called-station attribute to your policy.

ISE will only allow approved mac addresses after they enter the proper psk from the ssid.

Thanks.

Highlighted
Cisco Employee

You can create endpoint identity group where you can put all mac addresses want to allow.

Can use this same identity group with Airspace wlan-id  as a condition in authorization policy. This way it will work for specific SSID and endpoint group.

Regards

Gagan 

Rate if it helps!!!!!

Content for Community-Ad