Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1876
Views
0
Helpful
2
Replies

ISE 2.3.0.298 deny a MAC address authentication

bo liu
Level 4
Level 4

‎08-12-2019 02:46 AM - edited ‎07-05-2021 10:50 AM

hi

 

i have a ISE version is 2.3.0.298

 

now a device use a wrong password connect network the result is this username locked.

 

i need ISE deny this MAC.

 

who can tell me how to config??

Labels:
0 Helpful
2 Replies 2

bo liu
Level 4
Level 4

‎08-12-2019 02:49 AM

i want config a blacklist in policy before all authencation policy ,but i can't find the identy group in authencation....

0 Helpful

MTOMASSINI
Level 1
Level 1
In response to bo liu

‎08-14-2019 09:57 AM - edited ‎08-14-2019 09:58 AM

Hi,

 

I don't know if there is an advanced feature (except the Blacklist portal on the BYOD side of ISE) to block a user/mac but you can manually deny a MAC address.

 

You can create an endpoint group called "Blacklisted MAC" and add your mac into this endpoint group. Then you just need to create a policy that will check this Endpoint group and returns a "Deny" if the client mac address matches those in the group.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card