06-18-2021 04:05 AM
Hey guys,
Good day.
I have some vendors and some 3rd-party users in my network, but they are not in my Active Directory. Some of those users access the network using VPN. After deploying ISE, can I somehow bind the MAC addresses of the vendors' laptops, as these users are not in my AD? Is there some feature in ISE that can address this issue?
TIA
06-18-2021 04:17 AM
No, ISE won't learn those laptop MAC addresses.
What VPN are they using? If using ASA or FTD, then you can create a custom tunnel-group for those users and then in ISE use the RADIUS AVP "Cisco-VPN3000:CVPN3000/ASA/PIX7x-Tunnel-Group-Name" EQUALS <NAME>. You can then filter traffic sourced from that tunnel-group and authenticate against the ISE local user store.
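The ASA side of the approach described in the reply above, as an added example that is not part of the original post. The names VENDOR-VPN, VENDOR-GP, VENDOR-POOL and ISE, the addresses (documentation ranges) and the key placeholder are all assumptions.

```cisco
! Constructed example: every name, address and key below is a placeholder.
! RADIUS server group pointing at the ISE policy service node
aaa-server ISE protocol radius
aaa-server ISE (inside) host 192.0.2.10
 key <RADIUS-SHARED-SECRET>
!
! Separate address pool so vendor sessions can be filtered by source range
ip local pool VENDOR-POOL 198.51.100.10-198.51.100.50 mask 255.255.255.0
!
group-policy VENDOR-GP internal
group-policy VENDOR-GP attributes
 vpn-tunnel-protocol ssl-client
!
! Dedicated tunnel-group for vendors and third-party users
tunnel-group VENDOR-VPN type remote-access
tunnel-group VENDOR-VPN general-attributes
 address-pool VENDOR-POOL
 authentication-server-group ISE
 default-group-policy VENDOR-GP
tunnel-group VENDOR-VPN webvpn-attributes
 group-alias VENDORS enable
!
! Matching ISE policy condition (configured in the ISE GUI, not on the ASA):
!   Cisco-VPN3000:CVPN3000/ASA/PIX7x-Tunnel-Group-Name EQUALS VENDOR-VPN
! with the ISE local (internal) user store as the identity source, so only
! accounts created for vendors can authenticate through this tunnel-group.
```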
07-04-2021 08:32 PM
If using Cisco AnyConnect with ASA, ISE can learn the MAC addresses from ASA.
06-27-2021 03:45 PM
VPN uses Layer 3 (IP) and not Layer 2 (MAC).
I don't understand what you want to do with ISE with your vendors/third-party users.