Tell ISE to ignore a MAC?

Dustin Anderson
VIP Alumni

Is there a way to tell ISE to ignore a MAC address before auth?

I have a lot of employees trying to join the corporate network that are not allowed. Their phones continuously retry to connect and a lot don't enter correct credentials, so I don't know who it is.

I know you can turn on a RADIUS lockout after a few bad attempts, but there's no easy way to remove someone that got on it legitimately, so we don't have it turned on.

I don't want to blacklist on the WLC since they can use BYOD (not run by ISE).

I really just hate the crap in the live logs and don't want to just create filters. I'd like to be able to tell ISE not to waste its resources.

1 Accepted Solution

Accepted Solutions

You are correct that the collection filters are not helping PSN performance. They are meant for M&T. Please bring up your enhancement requests with your Cisco account team so that our product management may consider it.


5 Replies

ITCOMMS
Level 1

Hey Dustin,

For our WLCs we use client exclusion (with increased timeout) to limit traffic sent to ISE.

802.1X Client Exclusion on an AireOS WLC - Cisco

Once it hits ISE though, if you don't want to use a blacklist you can use anomalous client suppression.

You can disable the 'reject requests' option, if you want to avoid legitimate clients being impacted, and there is still a benefit in reduced logs.

Cheers.

Thanks, we have most of this in place, but still a lot of clutter. I was looking at the ISE blacklist, but it takes effect after authentication, and since they're not passing that, I can't blacklist there. I may just blacklist on the WLC and wait to see if anyone calls.

To eliminate cluttering M&T reports and live logs, we may define collection filters: Cisco Identity Services Engine Administrator Guide, Release 2.3 - Logging Mechanism [Cisco Identity Services Engine] - …

The downside with collection filters is you have to create one for each device. It would be nice to be able to filter by an endpoint group or such.

And this is mainly cosmetic as there are not enough to impact the system performance.
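The thread never gets to the question of which MACs to put on a per-device collection filter or WLC exclusion list in the first place. The script below is an added example, not code from the thread or from Cisco: it aggregates failed RADIUS authentications by Calling-Station-ID over a sliding time window and flags only MACs that keep failing and have never authenticated successfully, so a legitimate user who mistyped a password is not swept up (the concern raised about RADIUS lockout above). The log layout (timestamp, PASSED/FAILED, Calling-Station-ID, optional reason) is an assumed simplified format, not the exact ISE 2.3 syslog schema, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. The layout (timestamp, outcome, Calling-Station-ID,
# optional failure reason) is an ASSUMPTION for this example, not the exact ISE
# syslog schema; adapt LINE_RE to whatever your log forwarder actually emits.
SAMPLE_LOG = """\
2019-03-05 08:00:01 FAILED Calling-Station-ID=AA-BB-CC-11-22-33 Reason=22040 Wrong password
2019-03-05 08:00:31 FAILED Calling-Station-ID=AA-BB-CC-11-22-33 Reason=22040 Wrong password
2019-03-05 08:01:02 FAILED Calling-Station-ID=AA-BB-CC-11-22-33 Reason=22040 Wrong password
2019-03-05 08:01:40 FAILED Calling-Station-ID=AA-BB-CC-11-22-33 Reason=22040 Wrong password
2019-03-05 08:02:10 FAILED Calling-Station-ID=AA-BB-CC-44-55-66 Reason=22040 Wrong password
2019-03-05 08:02:45 FAILED Calling-Station-ID=AA-BB-CC-44-55-66 Reason=22040 Wrong password
2019-03-05 08:03:20 PASSED Calling-Station-ID=AA-BB-CC-44-55-66
2019-03-05 08:05:00 FAILED Calling-Station-ID=AA-BB-CC-77-88-99 Reason=22056 Subject not found
2019-03-05 09:10:00 FAILED Calling-Station-ID=AA-BB-CC-77-88-99 Reason=22056 Subject not found
2019-03-05 10:15:00 FAILED Calling-Station-ID=AA-BB-CC-77-88-99 Reason=22056 Subject not found
2019-03-05 08:07:00 FAILED Calling-Station-ID=aa:bb:cc:dd:ee:ff Reason=22040 Wrong password
2019-03-05 08:07:20 FAILED Calling-Station-ID=aa:bb:cc:dd:ee:ff Reason=22040 Wrong password
2019-03-05 08:07:50 FAILED Calling-Station-ID=aa:bb:cc:dd:ee:ff Reason=22040 Wrong password
this line is not a RADIUS record and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<status>PASSED|FAILED) "
    r"Calling-Station-ID=(?P<mac>[0-9A-Fa-f:.\-]{12,17})"
    r"(?: Reason=(?P<reason>.*))?$"
)


def normalize_mac(raw):
    """Canonical lower-case colon form, so AA-BB-CC-.. and aa:bb:cc:.. and
    aabb.cc.. all collapse to the same key."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_records(text):
    """Yield (timestamp, mac, passed, reason) for each well-formed line;
    unrelated syslog noise is skipped rather than raising."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield (
            datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            normalize_mac(m["mac"]),
            m["status"] == "PASSED",
            m["reason"] or "",
        )


def repeat_failers(records, threshold=3, window=timedelta(minutes=10)):
    """Return {mac: total_failures} for MACs that failed at least `threshold`
    times inside some `window`-long span and never had a PASSED record.
    Excluding MACs that ever succeeded keeps legitimate users who fat-fingered
    a password off the list."""
    fails = defaultdict(list)
    passed = set()
    for ts, mac, ok, _reason in records:
        if ok:
            passed.add(mac)
        else:
            fails[mac].append(ts)

    flagged = {}
    for mac, stamps in fails.items():
        if mac in passed:
            continue
        stamps.sort()
        start = 0  # left edge of the sliding window over sorted timestamps
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[mac] = len(stamps)
                break
    return flagged


def triage(text, threshold=3, window=timedelta(minutes=10)):
    """Parse a log excerpt and return the MACs worth excluding or filtering."""
    return repeat_failers(parse_records(text), threshold, window)


if __name__ == "__main__":
    for mac, n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{mac}  {n} failures, never passed: candidate for WLC exclusion / collection filter")
```

Running it on the constructed sample flags aa:bb:cc:11:22:33 and aa:bb:cc:dd:ee:ff, leaves out aa:bb:cc:44:55:66 because that client eventually passed, and leaves out aa:bb:cc:77:88:99 because its three failures are hours apart and never land inside one ten-minute window. The output is the list you would hand to the WLC exclusion list or turn into per-device collection filters; it does not change what the PSN processes, which is the limitation the accepted answer points out.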
