Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1036
Views
0
Helpful
2
Replies

USB NIC Profiling Against JAMF MDM

Go to solution
eric.reeves
Level 1
Level 1

‎08-14-2017 09:09 AM

I have recently setup the ISE/JAMF MDM Network Integration and everything was going great with using JAMF as my MDM in ISE policy until I came to my newly issued MacBook Air that depends on a 3rd party USB NIC for wired 802.1x.  ISE queries JAMF and finds that the MAC address of the USB NIC is not the JAMF primary or secondary for the MacBook.  This would of course be true being this is a USB NIC and could be utilized on any machine corporate or not.  ISE then incorrectly sees the MacBook as MDM non-compliant. In testing, if I temporarily set the JAMF secondary MAC address to that of the USB NIC ISE is satisfied that the MacBook is an MDM compliant device and allows 802.1x to continue.  I feel like I am missing something here, but I am not sure what.  How do I configure this so that ISE checks the machine against the MDM and not simply just the USB NIC?

Thank you!

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎08-14-2017 01:14 PM

The issue is that the client identifier as revealed by RADIUS over LAN is the MAC address of connected device.  In your case, this is the USB NIC.  This may not be the same NIC that was used during MDM registration and thus a mismatch in device tracking.  Recommend engage Cisco sales team so they can raise issue with ISE PM for update on possible resolution in future.  I can forward thread to PM as well, but helps to have customer names attached along with impact.

/Craig

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Craig Hyps
Level 10
Level 10

‎08-14-2017 01:14 PM

The issue is that the client identifier as revealed by RADIUS over LAN is the MAC address of connected device.  In your case, this is the USB NIC.  This may not be the same NIC that was used during MDM registration and thus a mismatch in device tracking.  Recommend engage Cisco sales team so they can raise issue with ISE PM for update on possible resolution in future.  I can forward thread to PM as well, but helps to have customer names attached along with impact.

/Craig

0 Helpful

Go to solution
Parag Mahajan
Cisco Employee
Cisco Employee

‎08-17-2017 09:56 PM

I had same requirement for one of my customer. I also learn this through experience and abolished the plan for  checking  MAC address of MAC air endpoint in MDM when they are coming through wired.

0 Helpful
Customers Also Viewed These Support Documents