cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

709
Views
2
Helpful
2
Replies
Highlighted
Cisco Employee

Can I use PIC with MAB (Easy Connect)?

Rather than configure 802.1X on the switches and endpoints, can I just do MAB and use PIC to get the users' identity?

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Can I use PIC with MAB (Easy Connect)?

Hi Thomas,

MAC Authentication Bypass (MAB) is a form or authentication.  You can use it in conjunction with PassiveID in ISE for EasyConnect.  Unfortunately, ISE-PIC does not support any form of authentication such as RADIUS 802.1X, MAB, or EasyConnect.  ISE-PIC features are passive only.

Regards,

-Tim

View solution in original post

2 REPLIES 2
Cisco Employee

Re: Can I use PIC with MAB (Easy Connect)?

Hi Thomas,

MAC Authentication Bypass (MAB) is a form or authentication.  You can use it in conjunction with PassiveID in ISE for EasyConnect.  Unfortunately, ISE-PIC does not support any form of authentication such as RADIUS 802.1X, MAB, or EasyConnect.  ISE-PIC features are passive only.

Regards,

-Tim

View solution in original post

Cisco Employee

Re: Can I use PIC with MAB (Easy Connect)?

To pile onto that:  ISE-PIC is just a form factor of ISE that cuts down the features and meets a specific price-point for a passive-ID ONLY solution.

All the ISE-PIC functionality is in full ISE!  So go with full ISE, using BASE licensing to get you the EasyConnect use-cases that Tim is referring to.

PIC will only learn of authentications from another source, and share them to the "subscribers" like StealthWatch.  If you are going to use any network authentication/authorization (MAB, 802.1X, EzConnect, TrustSec, etc.) then you need to move to the normal ISE form-factor and not the cut-down passive-only package.

Hope that adds clarity.

Aaron