11-15-2016 06:33 PM - edited 03-11-2019 12:14 AM
Dears,
I have a wireless ssid for managers on this ssid only manager should connect and it is working through pre-shared key authentication. At present the password is known to most of the non manager users what I want is that only managers laptop MAC address should only be allowed on this SSID rest others should not connect.
How I can achieve the above ??
thanks
11-16-2016 03:14 PM
if you have a list of all the mac addresses for the manager devices, then you can do the following -
enable mac filtering on the ssid
import the mac addresses into ISE, reference the endpoint identity group in an authorization policy, you can even add the SSID name via the called-station attribute to your policy.
ISE will only allow approved mac addresses after they enter the proper psk from the ssid.
Thanks.
11-17-2016 02:04 AM
You can create endpoint identity group where you can put all mac addresses want to allow.
Can use this same identity group with Airspace wlan-id as a condition in authorization policy. This way it will work for specific SSID and endpoint group.
Regards
Gagan
Rate if it helps!!!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide