The MAC OUI is referenced in the CLI field of the NAR, and the SSID is in the DNIS field.
Anyone know how to do this on ISE? Two questions -
1) I can match based on WLAN-ID, but not SSID. My WLAN-IDs for the same SSID don't match between controllers. Do I need to change this and make sure all WLAN-IDs map to the same SSID on each controller? Or, is there a different attribute I can use that refers to the SSID?
2) What attribute do you use in ISE Authorization conditions to match OUI? And can I match a list of OUIs?
1) I have never seen the actual SSID name anywhere in the RADIUS attributes coming from the controller. I always use airespace-wlan-id, and if you want to avoid creating multiple rules, make the IDs the same on all controllers.
2) Well, the OUI is part of the MAC, so you could maybe use regex to filter out specific OUIs. Another way, if you have an advanced license, would be to use Profiling; then ISE would do all the hard work of classifying what device is attempting to connect, and you could use that in your authorization policy, e.g. "Profiled:Iphone".
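
The regex approach suggested in the reply above, as an added example that is not part of the original posts: one anchored pattern built from a list of OUIs, compared with an unanchored match that also fires on the device-specific half of the address. The OUI list, sample MACs and function names are constructed for illustration, and this is plain Python, not ISE condition syntax.

```python
import re

# Constructed sample OUI list (first three octets of the MAC); not from the thread.
ALLOWED_OUIS = ["00:11:22", "AA-BB-CC", "0050.56"]

SEP = r"[:.\-]?"  # optional separator, covers aa:bb.., aa-bb.., aabb.ccdd.., aabbcc..

def oui_digits(oui):
    """Return the 6 hex digits of an OUI, or raise if it is not 3 octets."""
    digits = re.sub(r"[:.\-]", "", oui.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{6}", digits):
        raise ValueError(f"not a 3-octet OUI: {oui!r}")
    return digits

def build_oui_regex(ouis):
    """One regex for the whole list, anchored so the OUI can only match
    the first three octets and the address must be exactly 12 hex digits."""
    alternatives = [SEP.join(oui_digits(o)) for o in ouis]
    pattern = (r"^(?:" + "|".join(alternatives) + r")"
               r"(?:" + SEP + r"[0-9a-f]){6}$")
    return re.compile(pattern, re.IGNORECASE)

OUI_REGEX = build_oui_regex(ALLOWED_OUIS)

def oui_allowed(calling_station_id):
    """True if the MAC's vendor prefix is on the list, in any common notation."""
    return OUI_REGEX.match(calling_station_id.strip()) is not None

def naive_match(calling_station_id):
    """Unanchored search for one OUI string: shown only for comparison."""
    return re.search("00-11-22", calling_station_id) is not None

if __name__ == "__main__":
    # Constructed sample values in the notations different NAS devices send.
    for mac in ["00-11-22-33-44-55", "aabb.ccdd.eeff", "005056ABCDEF",
                "DE-AD-BE-00-11-22", "00-11-22-33-44"]:
        print(f"{mac:20} anchored={oui_allowed(mac)} naive={naive_match(mac)}")
```

The fourth sample carries the bytes 00-11-22 in its last three octets: the unanchored search accepts it, the anchored pattern does not.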