
ACL--- ISE

minkumar
Level 1

Hi Team!!

 

In ISE, can a static ACL be applied dynamically to a switch interface, i.e. if a port on a switch, which is allocated to a printer, becomes active but no certificate is received on the ISE, then the ISE will push an ACL to the switch port to only allow printer traffic? This could get around MAC authentication bypass possibly.

 

Cheers!!

Minakshi


Accepted Solutions

Please find attached.

 

Thank you for rating helpful posts!


nspasov
Cisco Employee

Hello Minakshi-

You can definitely accomplish this by:

1. Configure the switch to support both MAB and dot1x

2. Configure ISE for MAB and dot1x

3. Configure a printer-specific "dACL" in ISE

4. Configure a printer-specific "Authorization Profile" in ISE and attach the dACL created in step #3 to it

5. Test :)

 

Thank you for rating helpful posts! 
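
The steps above as switch configuration and dACL content, added here as an example and not taken from the original posts. It assumes classic IOS 15.x command syntax with the ISE nodes already defined as RADIUS servers; the interface, the ACL name, the print-server address 192.0.2.10 and the permitted ports are constructed placeholders.

```cisco
! Global: AAA for 802.1X/MAB and acceptance of downloadable ACLs from ISE
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
radius-server vsa send authentication
dot1x system-auth-control
! Device tracking lets the switch substitute the endpoint IP for "any" in the dACL source
ip device tracking
!
! Pre-authentication port ACL (assumed name); the dACL is applied on top after authorization
ip access-list extended ACL-DEFAULT
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 deny   ip any any
!
! Printer port (assumed interface): try 802.1X first, fall back to MAB
interface GigabitEthernet1/0/10
 switchport mode access
 ip access-group ACL-DEFAULT in
 authentication host-mode single-host
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
!
! dACL content as entered in ISE for the printer dACL (step 3), one ACE per line.
! The ACL filters traffic entering the port, so the source "any" is the printer itself
! and replies to print jobs carry source port 9100 (assumed raw-print port).
!   permit udp any eq bootpc any eq bootps
!   permit udp any any eq domain
!   permit tcp any eq 9100 host 192.0.2.10
!   deny ip any any
```

Once a printer has authenticated through MAB, `show authentication sessions interface GigabitEthernet1/0/10` shows the method used and the ACL downloaded from ISE.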

Hey Neno!!!

 

I need to do an import and export of MAC addresses in bulk for MAB in ISE. Could you kindly attach the template of the .CSV file which can be uploaded in ISE for MAB?

 

 

Thanks

Minakshi

I don't have the template handy with me but you can actually download it directly from ISE :)

 

Thank you for rating helpful posts!

Thanks Neno!!!

 

 

Appreciate it>>>

 

 

Hi Neno,

 

This is not the correct template. I want to upload MAC address information in ISE for MAB.

 

Are you sure this is the correct template which you have sent?

 

Minakshi

Hi Neno,

 

I don't seem to find the attachment.

 

Minakshi

That is strange because I can see it...let's try for the third time :)

minkumar
Level 1

Hi neno,

 

Since I cannot download it, if possible could you please attach the template? There will be an ISE device available in your lab. Can you download it from there and attach it?

 

 

Regards

Minakshi

Please find attached.

 

Thank you for rating helpful posts!

nspasov
Cisco Employee

Sorry about that, it was indeed the incorrect template. Here is the correct one. 

 

Thank you for rating helpful posts!