Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

ISE Authz rules with location based device

Hi forumers'

I have a POC situation as below:

A policy to restirct contractor only able to log-in to the network using AP-01

There's no problem for me to do the authentication and authorization rules for me to get the contractor connect, but my challenge is how i should apply the "only able to log-in to the network using AP-01" requirement?

My AP is cisco 1041 AP, what and how should i to enable this happen any fulfill the requirement?

thanks

Noel

5 REPLIES

ISE Authz rules with location based device

Noel,

Can you post the access-request that is sent from the AP to the ACS? Either we can use the NAS-IP-Address or see if the hostname is sent in one of the attributes and go from there.

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

ISE Authz rules with location based device

Hi Tarik,

Sorry for late reply.

I am using ISE v1.0, so where i can get this info from ?

Thanks

Noel;

ISE Authz rules with location based device

It should be in the monitoring page under authentication, when you click on the magnifying glass you should be able to see the details of the attributes that are being sent.

Or you can run a report for radius authentication and export the pdf of the authentication details.

thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*

ISE Authz rules with location based device

I think at least you should get the "Called-Station-ID=:your-ssid"

in your logs. So based on this you can define a policy that matches the AP radio and the SSID.

Take care if the AP is dual-radio, then you have 2 different mac addresses on each AP in question.

New Member

ISE Authz rules with location based device

Hi Kistjan,

Thakns for reply

So what's the deal with AP dual-radio? I need to insert two MAC addres as called-station-ID?

Thanks

Noel

718
Views
0
Helpful
5
Replies
CreatePlease to create content