Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
496
Views
3
Helpful
1
Replies

Fake MAC Detection - ISE

muhammad.ali111
Level 1
Level 1

‎05-09-2016 05:05 PM - edited ‎03-10-2019 11:45 PM

Hello, 

If someone is using a fake mac address can ise detect that? I mean if someone changed the mac address of their system and there is authentication based on mac address will ise detect that this is fake address and cannot access a certain resource?

Labels:
0 Helpful
1 Reply 1

jan.nielsen
Level 7
Level 7

‎05-10-2016 08:32 AM

If you are talking about someone spoofing a mac that you have entered into ISE, so it is authenticated alone on the mac address, then no. ISE will only get the mac address from the switch, and there is no way to detect that something is "fake" in authentication, because it actually isn't. Profiling and Posture assesment can be used to enforce other policies, and react if those are not fulfilled, but if you are using MAB that is normally not an option. I always suggest using a DACL when using MAB, to restrict the access that the user gets, if they are authenticated with MAB.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents