About EHNET

EHNET · 03-02-2023

We are trying to using MAB and existing internal endpoints as a whitelist ( I know it is not secure enough) to prevent new mac to access network. So I want anything that is not in internal endpoint to be rejected at authentication phase.Is there anyw...

EHNET · 02-23-2023

Hi, I am new to ISE and try to implement it. But I am confused by the hierarchy of NDGsFor example, I created a parent group called Building A using All locations as root group.And then I created two child groups of Building A, called them floor 1 a...

EHNET · 03-09-2023

You need an ACL to permit dhcp traffic and use it on the interfacesomething like:Extended IP access list ACL-DEFAULT10 permit udp any eq bootpc any eq bootps20 permit udp any any eq domain30 permit icmp any any40 deny ip any any

EHNET · 03-03-2023

Thanks for your reply. Your solution is similar to another reply that using profiling to put new MAC in a dynamic ID group. But we need to keep these MACs in this ID group once they are added. These MAC will connect to other NAD after they are onboar...

EHNET · 03-03-2023

Thanks. Looks like using API to populate that whitelist is the way. We are on 3.1 now, I will see if that 3.2 feature meet our needs. One more question, will there be any performance issue, if I have more than 10k MAC in that ID group and authorizati...

EHNET · 03-02-2023

What I want is using a trusted switch as an onboarding platform to learn new MAC and add these MAC to a trusted ID group, keep them in that group. Later, these MAC would connect to other switches, as they already included in that ID group, they can b...

EHNET · 03-02-2023

Thanks for your suggestion. I guess the method here can assign MAC to an ID group when it is connected to that specific switch. But when the same MAC connects to another switch. That MAC wont be in that ID group any more.What I want is using a truste...

Member Since	‎02-23-2023 02:32 PM
Date Last Visited	‎02-14-2024 12:05 AM
Posts	17
Total Helpful Votes Received	1

User Statistics

User Activity

Is there any way to prevent new MAC to be added to internal endpoints

ISE3.1 network device groups hierarchy

Re: ISE , DHCP issue

Re: Is there any way to prevent new MAC to be added to internal endpoi

Re: Is there any way to prevent new MAC to be added to internal endpoi

Re: Is there any way to prevent new MAC to be added to internal endpoi

Re: Is there any way to prevent new MAC to be added to internal endpoi