Hello all,
On a new environment we are implementing NAC with Cisco ISE 3.2.
We will manage 802.1x and MAB access for different companies belonging to the same groups.
I would like to focus on authorization policies managing MAB access and the best pra...
Thanks for your suggestion and clear explanation.
In order to also maintain the check on the company/location my endpoint is connecting to, can I proceed as follows?
Locations assigned to NAD and endpoints:company custom attributes are taken ...
The VLAN name - ID pair is the same at all locations (printers always have ID 12, PCs always have ID 13, etc.).
Per policy I can't permit that the printer, or any other object authenticated via MAB, of one company can access the network of another company; mak...
I can't ignore location because I need to discriminate on which site the endpoint is accessing (endpoint of one company can't access the network of another company..).
802.1x is present but it's already managed.
VLAN ID is not the real issue because ...
We are not really in a multi-tenancy scenario. We have the same AD and all companies use the same services published by the groups.
The only limit I have is that endpoints of one company (MAC belonging to company specific segment group) can't access network ...