Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We are trying to using MAB and existing internal endpoints as a whitelist ( I know it is not secure enough) to prevent new mac to access network. So I want anything that is not in internal endpoint to be rejected at authentication phase.Is there anyw...
Hi, I am new to ISE and try to implement it. But I am confused by the hierarchy of NDGsFor example, I created a parent group called Building A using All locations as root group.And then I created two child groups of Building A, called them floor 1 a...
You need an ACL to permit dhcp traffic and use it on the interfacesomething like:Extended IP access list ACL-DEFAULT10 permit udp any eq bootpc any eq bootps20 permit udp any any eq domain30 permit icmp any any40 deny ip any any
Thanks for your reply. Your solution is similar to another reply that using profiling to put new MAC in a dynamic ID group. But we need to keep these MACs in this ID group once they are added. These MAC will connect to other NAD after they are onboar...
Thanks. Looks like using API to populate that whitelist is the way. We are on 3.1 now, I will see if that 3.2 feature meet our needs. One more question, will there be any performance issue, if I have more than 10k MAC in that ID group and authorizati...
What I want is using a trusted switch as an onboarding platform to learn new MAC and add these MAC to a trusted ID group, keep them in that group. Later, these MAC would connect to other switches, as they already included in that ID group, they can b...
Thanks for your suggestion. I guess the method here can assign MAC to an ID group when it is connected to that specific switch. But when the same MAC connects to another switch. That MAC wont be in that ID group any more.What I want is using a truste...
