Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ACL--- ISE

Hi Team!!

 

    in ISE , Can a static acl  be applied dynamically to a switch interface, i.e. if a port on a switch, which is allocated to a printer, becomes active but no certificate is received on the ISE, then the ISE will push an ACL to the switch port to only allow printer traffic.  This could  get around MAC authentication bypass possibly.

 

Cheers!!

Minakshi

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Please find attached. Thank

Please find attached.

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
10 REPLIES
Cisco Employee

Hello Minakshi-You can

Hello Minakshi-

You can definitely accomplish this by:

1. Configure the switch to support both mab and dot1x

2. Configure ISE for mab and dot1x

3. Configure a printer specific "dACL" in ISE

4. Configure a printer specific "Authorization Profile" in ISE and attach the dACL created in step #3 to it

5. Test :)

 

Thank you for rating helpful posts! 

Thank you for rating helpful posts!
New Member

Hey Neno!!!   I need to do an

Hey Neno!!!

 

  I need to do an  import n export for Mac addresses in Bulk for MAB in ISE. Could you kindly attach the template of .CSV file which can be uploaded in ISE for MAB.

 

 

Thanks

Minakshi

Cisco Employee

I don't have the template

I don't have the template handy with me but you can actually download it directly from ISE :)

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
New Member

Thanks Neno!!!  Appreciate it

Thanks Neno!!!

 

 

Appreciate it>>>

 

 

New Member

Hi Neno,   Thsi is not the

Hi Neno,

 

  Thsi is not the correct template. I want to upload MAC address information in ISE for MAB.

 

Are you sure this is the correct template which you have sent?

 

Minakshi

New Member

Hi Neno,   I dont seem to

Hi Neno,

 

  I dont seem to find the attachement.

 

Minakshi

Cisco Employee

That is strange because I can

That is strange because I can see it...let's try for the third time :)

Thank you for rating helpful posts!
New Member

Hi neno,   Since I cannot

Hi neno,

 

  Since I cannot download it. if possible could you please attach the template. There will be an ISE device available in your LAB. Can you download it from there and attach it,

 

 

Regards

Minakshi

Cisco Employee

Please find attached. Thank

Please find attached.

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
Cisco Employee

Sorry about that, it was

Sorry about that, it was indeed the incorrect template. Here is the correct one. 

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
86
Views
5
Helpful
10
Replies
CreatePlease to create content