Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
2
Replies

Specific users on ISE

jack samuel
Level 1
Level 1

‎11-15-2016 06:33 PM - edited ‎03-11-2019 12:14 AM

Dears,

I have a wireless ssid for managers on this ssid only manager should connect and it is working through pre-shared key authentication. At present the password is known to most of the non manager users what I want is that only managers laptop MAC address should only be allowed on this SSID rest others should not connect.

How I can achieve the above ??

thanks

Labels:
0 Helpful
2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

‎11-16-2016 03:14 PM

if you have a list of all the mac addresses for the manager devices, then you can do the following -

enable mac filtering on the ssid

import the mac addresses into ISE, reference the endpoint identity group in an authorization policy, you can even add the SSID name via the called-station attribute to your policy.

ISE will only allow approved mac addresses after they enter the proper psk from the ssid.

Thanks.

0 Helpful

Gagandeep Singh
Cisco Employee
Cisco Employee

‎11-17-2016 02:04 AM

You can create endpoint identity group where you can put all mac addresses want to allow.

Can use this same identity group with Airspace wlan-id  as a condition in authorization policy. This way it will work for specific SSID and endpoint group.

Regards

Gagan 

Rate if it helps!!!!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents