07-31-2018 12:56 AM - edited 07-05-2021 08:54 AM
Hello experts,
I want to implement two-factor authentication for a specific user group, via AD + MAC authentication.
I want to create an (Auth and AuthZ) rule in ISE to allow a specific user group (from AD) together with their MAC addresses.
Could you please guide me to create rules in ISE.
Thanks in advance
07-31-2018 09:56 PM
Experts... any help with two-factor authentication!!!!
07-31-2018 10:18 PM
07-31-2018 10:50 PM
I haven't done this myself but there is another thread asking nearly the same thing:
About halfway down is a post by nspasov:
Which looks like it has the answer
Hope this helps
*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
08-03-2018 01:20 AM
No, it's not working!!!!!!
08-03-2018 01:27 AM
Hi,
Follow these steps:
1. Create an SSID with 802.1x (don't enable MAC filtering).
2. Create identity group "XYZ" and add the MAC addresses of the clients to it.
3. Create an Authentication policy that allows MAB/PEAP; the identity store must have AD and Internal host.
4. Create an AuthZ policy: match Identity Group and dot1x, and return the desired permission.
I hope it will work.
Regards
Don't forget to rate helpful posts
08-03-2018 01:39 AM
OK, I will try it and let you know.
Thanks
08-03-2018 03:04 AM
Sandeep,
It's not working...
08-03-2018 03:51 AM
Where exactly is it failing?
Is it passing authentication? If not, then try to create a normal rule:
Authentication Policy:
TWO factor Auth: If (Wireless_802.1x) AND AllowProtocols: PEAP (or default network access)
Authorization Policy:
TWO factor AuthZ: If (Identity Group name) AND Wireless_802.1x then Permit access (or desired permission)
Regards
Don't forget to rate helpful posts
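The two rules from the reply above, modelled as an added example (not ISE code and not from the poster) to show how a request must pass both the PEAP/AD check and the endpoint identity group check. The dictionaries, field names, usernames and MAC addresses are constructed; only the group name "XYZ" and the condition name Wireless_802.1x come from the thread.

```python
import re

# Constructed sample data. "XYZ" is the identity group named in the reply;
# the MAC addresses, usernames and passwords are made up.
ENDPOINT_GROUPS = {"XYZ": {"00:11:22:AA:BB:CC"}}
AD_USERS = {"alice": "s3cret"}  # stand-in for a PEAP check against AD


def normalize_mac(raw):
    """Return AA:BB:CC:DD:EE:FF, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[-:.]", "", (raw or "").strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def authenticate(req):
    """Authentication rule: Wireless_802.1x AND PEAP, identity from AD."""
    if req.get("flow") != "Wireless_802.1x" or req.get("protocol") != "PEAP":
        return False
    user = req.get("user")
    return user in AD_USERS and AD_USERS[user] == req.get("password")


def authorize(req, group="XYZ"):
    """Authorization rule: endpoint in identity group AND Wireless_802.1x."""
    mac = normalize_mac(req.get("calling_station_id"))
    in_group = mac is not None and mac in ENDPOINT_GROUPS.get(group, set())
    return in_group and req.get("flow") == "Wireless_802.1x"


def evaluate(req):
    """Return (result, reason); both rules must pass for PermitAccess."""
    if not authenticate(req):
        return ("DenyAccess", "authentication failed")
    if not authorize(req):
        return ("DenyAccess", "endpoint not in identity group")
    return ("PermitAccess", "user and endpoint both matched")


if __name__ == "__main__":
    base = {"flow": "Wireless_802.1x", "protocol": "PEAP",
            "user": "alice", "password": "s3cret"}
    for mac in ("0011.22aa.bbcc", "00-11-22-AA-BB-CC", "de:ad:be:ef:00:01"):
        print(mac, evaluate({**base, "calling_station_id": mac}))
```

The MAC is read from the Calling-Station-Id value that the client's adapter reports, so the endpoint check limits access to listed addresses rather than proving which device is connecting.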
08-03-2018 04:27 AM
Thank you very much. It's working now.
Thanks again.