08-12-2014 10:04 PM - edited 03-10-2019 09:56 PM
Hi Team!!
in ISE , Can a static acl be applied dynamically to a switch interface, i.e. if a port on a switch, which is allocated to a printer, becomes active but no certificate is received on the ISE, then the ISE will push an ACL to the switch port to only allow printer traffic. This could get around MAC authentication bypass possibly.
Cheers!!
Minakshi
Solved! Go to Solution.
08-20-2014 05:03 PM
08-13-2014 02:24 PM
Hello Minakshi-
You can definitely accomplish this by:
1. Configure the switch to support both mab and dot1x
2. Configure ISE for mab and dot1x
3. Configure a printer specific "dACL" in ISE
4. Configure a printer specific "Authorization Profile" in ISE and attach the dACL created in step #3 to it
5. Test :)
Thank you for rating helpful posts!
08-14-2014 05:53 AM
Hey Neno!!!
I need to do an import n export for Mac addresses in Bulk for MAB in ISE. Could you kindly attach the template of .CSV file which can be uploaded in ISE for MAB.
Thanks
Minakshi
08-14-2014 04:10 PM
I don't have the template handy with me but you can actually download it directly from ISE :)
Thank you for rating helpful posts!
08-21-2014 02:20 AM
Thanks Neno!!!
Appreciate it>>>
08-21-2014 02:59 AM
Hi Neno,
Thsi is not the correct template. I want to upload MAC address information in ISE for MAB.
Are you sure this is the correct template which you have sent?
Minakshi
08-21-2014 11:08 PM
Hi Neno,
I dont seem to find the attachement.
Minakshi
08-22-2014 12:46 PM
08-17-2014 07:28 PM
Hi neno,
Since I cannot download it. if possible could you please attach the template. There will be an ISE device available in your LAB. Can you download it from there and attach it,
Regards
Minakshi
08-20-2014 05:03 PM
08-21-2014 06:21 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide